| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <64da0cf20410131456422daa1e@mail.gmail.com> From: wari00 at gmail.com (Roberto Gomez BolaƱos) Subject: Possibly a stupid question RPC over HTTP Barry Fitzgerald wrote: > Daniel H. Renner wrote: > >> Daniel, >> >> Could you please point out where you read this data? I would like to >> see this one... >> >> > > I seem to remember that this was one of the caveats with regard to > MSBlast and RPC/DCOM vulnerabilities last year. > > In certain configurations, it was theoretically possible (I'd never > personally seen any PoC code or worms that exploited it, though) that > some RPC calls could be made via RPC over HTML. According to the more than theoretically posibly... u can chek that with the DCE/RPC endpoint dumper program that is part of the impacket python package: http://oss.coresecurity.com/projects/impacket.html http://oss.coresecurity.com/impacket/rpcdump.py
Powered by blists - more mailing lists