[转载]Bypass RPC portmapper filtering security PoC
信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])What is a portmapper ?
Portmapper is a kind of database that register Remote Procedure Call
services by RPC Services numbers, version numbers, tcp/udp ports, and protocols that have to
be used (tcp or udp or boths). Portmapper always run on port 111 tcp/udp.
When clients want access to a service, they first contact the portmapper, and it tells them
which port they should then contact in order to reach the desired service.
If portmapper is not present or not accessible the request will fail.
The problem with RPC is the weakness of security.
Many security problems have been related for RPC services (unauthorized accesses, overflows,
spoofing etc...).
页:
[1]