Discussion:
[Openvas-discuss] How does openvas enumerate RPC services?
OpenVAS User
2017-11-08 15:30:51 UTC
Permalink
If OpenVAS scans a Windows machine with port 135 open I can see that it is able to successfully enumerate services under a vulnerability found:
DCE/RPC and MSRPC Services Enumeration Reporting

However I am not able to replicate this "manually" from command line on the same box where OpenVAS is installed.
The command that I am using is nmap 10.20.10.12 --script=msrpc-enum -vvv -n
and this is the result that I am getting:

Host script results:
|_msrpc-enum: NT_STATUS_DUPLICATE_NAME

What is OpenVAS using to be able to enumerate those services?

Sent with [ProtonMail](https://protonmail.com) Secure Email.
Christian Fischer
2017-11-09 19:40:13 UTC
Permalink
Hi,
Post by OpenVAS User
If OpenVAS scans a Windows machine with port 135 open I can see that it
is able to successfully enumerate services under a vulnerability found: 
DCE/RPC and MSRPC Services Enumeration Reporting
However I am not able to replicate this "manually" from command line on
the same box where OpenVAS is installed. 
The command that I am using is nmap 10.20.10.12 --script=msrpc-enum -vvv -n
|_msrpc-enum: NT_STATUS_DUPLICATE_NAME
What is OpenVAS using to be able to enumerate those services?
OpenVAS is not using anything special besides own code which you can
find here:

http://plugins.openvas.org/nasl.php?oid=108044

If you have problems with the usage of specific nmap scripts or if they
are not working as expected you could have a look at https://nmap.org/
to see if they provide any support.

Regards,

--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

Loading...