Responder icon indicating copy to clipboard operation
Responder copied to clipboard

Published 20 hours ago verified publisher icon lgandx

DCE-RPC server not handling wmic or Impacket's rpcmap

Open jmbesnard opened this issue 3 years ago • 1 comments

Hello

I've been trying to use the recently released DCE-RPC server of Responder with wmic and Impacket's rpcmap.py script. Responder is running with -r and -d options (as per README.md). ICMP packet are blocked using ICMP (as per https://twitter.com/PythonResponder/status/1383235792386936835) Running the following :

  • wmic /node:IP_OF_RESPONDER os get version, or
  • rpcmap.py -auth-rpc LAB/foo:bar ncacn_ip_tcp:IP_OF_RESPONDER does not lead to anything being caught by Responder.

Cheers

JM

jmbesnard avatar May 11 '21 19:05 jmbesnard

Hi, Thank you for submitting this issue. So far only the most common servers are supported, these are:

  • WINSPOOL
  • LSARPC
  • DSRUAPI However, I definitely plan to add more RPC servers as I receive issue like this one :)

Thanks,

lgandx avatar May 12 '21 01:05 lgandx