Home page logo
/

metasploit logo Metasploit mailing list archives

Re: Error while framing RPC Packet
From: "Joshua J. Drake" <jdrake () metasploit com>
Date: Wed, 23 Jun 2010 02:26:02 -0500

On Wed, Jun 23, 2010 at 11:06:30AM +0530, Sujit Ghosal wrote:
Hi All,
   I am framing an RPC packet structure for one MSMQ Service UUID:
41208ee0-e970-11d1-9b9e-00e02c064c39

   The problem I am facing now is while crafting the RPC Packet based on the
above UUID. It seems I am making some mess while constructing the packet for
the above UUID as I guess that its because of invalid structure for Opnum
0x01. I think I am doing some miscalculations. Btw I was successful to bind
to the above interface as I got the ACK that the interface has been bound
successfully, but the time I am sending the Opnum to perform my attack then
I am not framing the bytes properly. I am coming across with one DCERPC
response as "nca_s_fault_invalid_tag" whose PDU fault value is 1C000006. So
I am not able to proceed further. :(

   So I was just wondering, if there is any documentation which can give
some excerpt on how this packet framing should be done for different Opnums
i.e. 0x01 or 0x06 or 0x12 with any UUIDs?

I'm not an expert at Windows RPC by any means, but I think maybe what
you're looking for is mIDA. It is a plugin for IDA Pro that can
extract IDL (Interface Descriptor Language?) definitions from
binaries. The general process would be opening the msmq service binary
(exe/dll/whatever) into IDA and running mIDA on it,

If that doesn't help, I recommend stepping through the NDR decoding
routines and paying special attention to the data that is being
decoded. It may point out exactly which part you're messing up.

Hope this helps!

-- 
Joshua J. Drake

Attachment: _bin
Description:

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]