HOME>>>>>>>>>

File msrpc-enum

脚本使用类型: hostrule
脚本所属分类: safe, discovery
脚本下载地址: http://nmap.org/svn/scripts/msrpc-enum.nse

User Summary

Queries an MSRPC endpoint mapper for a list of mapped services and displays the gathered information.

As it is using smb library, you can specify optional username and password to use.

Script works much like Microsoft's rpcdump tool or dcedump tool from SPIKE fuzzer.

Script Arguments

randomseed, smbbasic, smbport, smbsign

See the documentation for the smb library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

执行格式

nmap <target> --script=msrpc-enum

Script Output

PORT    STATE SERVICE      REASON
445/tcp open  microsoft-ds syn-ack

Host script results:
| msrpc-enum:
|
|     uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
|     annotation: DHCP Client LRPC Endpoint
|     ncalrpc: dhcpcsvc
|
|     uuid: 12345678-1234-abcd-ef00-0123456789ab
|     annotation: IPSec Policy agent endpoint
|     ncalrpc: audit
|
|     uuid: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5
|     ip_addr: 0.0.0.0
|     annotation: DHCP Client LRPC Endpoint
|     tcp_port: 49153
|
<snip>
|
|     uuid: 12345678-1234-abcd-ef00-0123456789ab
|     annotation: IPSec Policy agent endpoint
|     ncalrpc: securityevent
|
|     uuid: 12345678-1234-abcd-ef00-0123456789ab
|     annotation: IPSec Policy agent endpoint
|_    ncalrpc: protected_storage

Requires


Author: Aleksandar Nikolic

License: VER007 整理 http://www.ver007.com