Search...

MSRPC Service Detection

2006-09-11T00:00:00

ID MSRPC_SERVICES.NASL
Type nessus
Reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2019-09-25T00:00:00

Description

The remote host is running a Windows RPC service. This service replies to the RPC Bind Request with a Bind Ack response.

However it is not possible to determine the uuid of this service.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#



include("compat.inc");

if (description)
{
 script_id(22319);
 script_version("1.10");
 script_cvs_date("Date: 2019/09/25  9:17:09");

 script_name(english:"MSRPC Service Detection");
 script_summary(english:"Detects an MSRPC Service");

 script_set_attribute(attribute:"synopsis", value:
"A DCE/RPC server is listening on the remote host." );
 script_set_attribute(attribute:"description", value:
"The remote host is running a Windows RPC service. This service
replies to the RPC Bind Request with a Bind Ack response.

However it is not possible to determine the uuid of this service." );
 script_set_attribute(attribute:"risk_factor", value:"None" );
 script_set_attribute(attribute:"solution", value:"n/a" );
 script_set_attribute(attribute:"plugin_publication_date", value: "2006/09/11");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_end_attributes();


 script_category(ACT_GATHER_INFO);
 script_family(english:"Service detection");

 script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_require_ports("Services/unknown");
 script_dependencies("find_service2.nasl", "dcetest.nasl", "smb_nativelanman.nasl");

 exit(0);
}


include("global_settings.inc");
include("smb_func.inc");
include("misc_func.inc");

if ( ! thorough_tests ) 
{
 kb = get_kb_item("Host/OS/smb");
 if ("Windows" &gt;!&lt; kb)
   exit(0);
}

if ( get_kb_item("global_settings/disable_service_discovery")  ) exit(0);

port = get_kb_item("Services/unknown");
if (! port) exit(0);
if (! get_port_state(port)) exit(0);
if (! service_is_unknown(port: port)) exit(0);

soc = open_sock_tcp(port);
if (! soc) exit(0);

session_init (socket:soc);

ret = dce_rpc_bind(cid:session_get_cid(), uuid:"6e657373-7573-7465-6e61-626c65736563", vers:1);
send (socket:soc, data:ret);
resp = recv (socket:soc, length:4096);

if (!resp || (strlen(resp) != 60))
  exit (0);

if ((ord(resp[0]) == 5) &&  # version
    (ord(resp[1]) == 0) &&  # version minor
    (ord(resp[2]) == 12))   # bind ack
{
 register_service(port:port, proto:"dce-rpc");
 security_note (port); 
}

JSON Vulners Source

Initial Source

{"id": "MSRPC_SERVICES.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "MSRPC Service Detection", "description": "The remote host is running a Windows RPC service. This service replies to the RPC Bind Request with a Bind Ack response.\n\nHowever it is not possible to determine the uuid of this service.", "published": "2006-09-11T00:00:00", "modified": "2019-09-25T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/22319", "reporter": "This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2021-10-16T16:11:26", "viewCount": 51, "enchantments": {"dependencies": {}, "score": {"value": -0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "nessus", "idList": ["SMB_NATIVELANMAN.NASL"]}]}, "exploitation": null, "vulnersScore": -0.0}, "pluginID": "22319", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22319);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/25 9:17:09\");\n\n script_name(english:\"MSRPC Service Detection\");\n script_summary(english:\"Detects an MSRPC Service\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A DCE/RPC server is listening on the remote host.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a Windows RPC service. This service\nreplies to the RPC Bind Request with a Bind Ack response.\n\nHowever it is not possible to determine the uuid of this service.\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"None\" );\n script_set_attribute(attribute:\"solution\", value:\"n/a\" );\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/09/11\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_require_ports(\"Services/unknown\");\n script_dependencies(\"find_service2.nasl\", \"dcetest.nasl\", \"smb_nativelanman.nasl\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! thorough_tests ) \n{\n kb = get_kb_item(\"Host/OS/smb\");\n if (\"Windows\" >!< kb)\n exit(0);\n}\n\nif ( get_kb_item(\"global_settings/disable_service_discovery\") ) exit(0);\n\nport = get_kb_item(\"Services/unknown\");\nif (! port) exit(0);\nif (! get_port_state(port)) exit(0);\nif (! service_is_unknown(port: port)) exit(0);\n\nsoc = open_sock_tcp(port);\nif (! soc) exit(0);\n\nsession_init (socket:soc);\n\nret = dce_rpc_bind(cid:session_get_cid(), uuid:\"6e657373-7573-7465-6e61-626c65736563\", vers:1);\nsend (socket:soc, data:ret);\nresp = recv (socket:soc, length:4096);\n\nif (!resp || (strlen(resp) != 60))\n exit (0);\n\nif ((ord(resp[0]) == 5) && # version\n (ord(resp[1]) == 0) && # version minor\n (ord(resp[2]) == 12)) # bind ack\n{\n register_service(port:port, proto:\"dce-rpc\");\n security_note (port); \n}\n", "naslFamily": "Service detection", "cpe": ["cpe:/o:microsoft:windows"], "solution": "", "nessusSeverity": "Info", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}

MSRPC Service Detection

Description

The remote host is running a Windows RPC service. This service replies to the RPC Bind Request with a Bind Ack response. However it is not possible to determine the uuid of this service.

The remote host is running a Windows RPC service. This service replies to the RPC Bind Request with a Bind Ack response.

However it is not possible to determine the uuid of this service.