Browse Exploit & Auxiliary Modules
The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.
Search for modules
Hidden DCERPC Service Discovery
This module will query the endpoint mapper and make a list of all ncacn_tcp RPC services. It will then connect to each of these services and use the management API to list all other RPC services accessible on this port. Any RPC service found attached to a TCP port, but not listed in the endpoint mapper, will be displayed and analyzed to see whether anonymous access is permitted.
Rank
- Normal
Authors
- hdm < hdm [at] metasploit.com >
Development
Similar Modules
- auxiliary/scanner/dcerpc/endpoint_mapper
- auxiliary/scanner/dcerpc/management
- auxiliary/scanner/dcerpc/tcp_dcerpc_auditor
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/scanner/dcerpc/hidden
msf auxiliary(hidden) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(hidden) > run
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/scanner/dcerpc/hidden
msf auxiliary(hidden) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(hidden) > run
Module Options
| RHOSTS | The target address range or CIDR identifier |
| THREADS | The number of concurrent threads (default: 1) |
| CHOST | The local client address |
| CPORT | The local client port |
| ConnectTimeout | Maximum number of seconds to establish a TCP connection |
| DCERPC::ReadTimeout | The number of seconds to wait for DCERPC responses |
| Proxies | Use a proxy chain |
| SSL | Negotiate SSL for outgoing connections |
| SSLVersion | Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) |
| ShowProgress | Display progress messages during a scan |
| ShowProgressPercent | The interval in percent that progress should be shown |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |
| DCERPC::fake_bind_multi | Use multi-context bind calls |
| DCERPC::fake_bind_multi_append | Set the number of UUIDs to append the target |
| DCERPC::fake_bind_multi_prepend | Set the number of UUIDs to prepend before the target |
| DCERPC::max_frag_size | Set the DCERPC packet fragmentation size |
| DCERPC::smb_pipeio | Use a different delivery method for accessing named pipes (accepted: rw, trans) |
| TCP::max_send_size | Maxiumum tcp segment size. (0 = disable) |
| TCP::send_delay | Delays inserted before every send. (0 = disable) |