I discovered a little bug in module `auxiliary/scanner/dcerpc/hidden`.
To list hidden RPC endpoints, I tried executing this module against my target system.
Some of the endpoints are available, others are not reachable from my system, which results in a timeout.
Turns out that the auxiliary module terminates as soon as it hits an endpoint that is either not reachable or denies access to it. Instead of terminating, it should try the next discovered endpoint.

```
resource (rpc_hidden.conf)> use auxiliary/scanner/dcerpc/hidden
resource (rpc_hidden.conf)> set rhosts TARGET
rhosts => TARGET
resource (rpc_hidden.conf)> run
[*] TARGET: - Connecting to the endpoint mapper service...
[*] TARGET: - Looking for services on TARGET:49152...
[*] TARGET: - Remote Management Interface Error: The connection timed out (TARGET:49152).
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```

Affected Code Lines
The issue is caused by the following line (hidden.rb:58):

```ruby
return if not ids
```

When no interface identifiers are returned for the current endpoint, the function returns rather than moving to the next discovered endpoint.

Proposed Fix
The affected line above could be replaced by the following line, to move to the next iteration step rather than terminating after the current endpoint has thrown an error:
```ruby
next if not ids
```
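To make the difference between the two lines concrete, here is an added example (not code from the Metasploit module or the reporter) that models the loop the report describes: an iteration over discovered endpoints where one lookup fails. The endpoint table, the `lookup_interfaces` stand-in and the port numbers are constructed for the example; a `nil` result stands for an endpoint that timed out or denied access.

```ruby
# Constructed sample data: port => interface IDs, nil = unreachable or access denied.
SAMPLE_ENDPOINTS = {
  49152 => ['12345678-1234-abcd-ef00-0123456789ab'], # reachable
  49153 => nil,                                      # times out, like TARGET:49152 in the report
  49154 => ['12345778-1234-abcd-ef00-0123456789ac'], # reachable, but only seen with `next`
}.freeze

# Hypothetical stand-in for the interface lookup; nil means the endpoint failed.
def lookup_interfaces(port, endpoints)
  endpoints[port]
end

# Behaviour of hidden.rb:58 as reported: `return` inside the block leaves the
# whole method, so every endpoint after the first failure is skipped.
# Returns the ports whose interfaces were reported before the scan stopped.
def scan_with_return(endpoints = SAMPLE_ENDPOINTS)
  reported = []
  endpoints.each_key do |port|
    ids = lookup_interfaces(port, endpoints)
    return reported if not ids   # exits the method, not just this iteration
    reported << port             # stands in for printing the discovered IDs
  end
  reported
end

# Proposed fix: `next` skips only the failed endpoint and continues the loop.
def scan_with_next(endpoints = SAMPLE_ENDPOINTS)
  reported = []
  endpoints.each_key do |port|
    ids = lookup_interfaces(port, endpoints)
    next if not ids              # move on to the next discovered endpoint
    reported << port
  end
  reported
end

if $PROGRAM_NAME == __FILE__
  puts "return: #{scan_with_return.inspect}" # [49152]
  puts "next:   #{scan_with_next.inspect}"   # [49152, 49154]
end
```

With the failing endpoint in the middle of the list, the `return` variant reports only the endpoint examined before the failure, while the `next` variant reports every reachable endpoint.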
Environment
Metasploit version
Framework: 4.16.29-dev-8de760f
Console : 4.16.29-dev-8de760f
OS
Metasploit installed in Docker Container (Alpine Linux 3.4) via git.
References
[1] https://www.rapid7.com/db/modules/auxiliary/scanner/dcerpc/hidden
[2] https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/dcerpc/hidden.rb#L58