Thursday, March 6, 2008

MSRPC Auditing

Cody Pierce and Aaron Portnoy have released the Msrpc framework for auditing the Microsoft RPC protocol. The presented the tool in DeepSec 2007, it was a good presentation where they show us how they used to analyze RPC. Now the tools is available at Google Code.

pymsrpc is an attempt to develop a working library for communicating with remote Microsoft RPC endpoints. It includes an IDL parser and NDR data types for making requests.

The following toolset is recommended by them:
  • PyMSRPC consists of the following components
  • Lexer and Parse
  • A library of NDR objects
  • Utilizes Impacket from CORE for transport
  • Tie-ins for the Sulley Fuzzing Framework
This framework allows you to immediately communicate and audit an RPC service.

No comments: