Chapter 4. MSRPC, a.k.a. Microsoft implementation of DCE RPC

Table of Contents

4.1. Introduction to MSRPC
4.2. DCE RPC Interface
4.3. MSRPC transports
4.4. MSRPC security model
4.5. RPC services registration
4.6. MSRPC over SMB
4.6.1. Named pipes
4.6.2. Named pipes used as MSRPC endpoints
4.6.3. Well-known MSRPC named pipes
4.7. NULL sessions
4.7.1. Introduction
4.7.2. Enabling NULL sessions restrictions
4.7.3. The ANONYMOUS LOGON network logon session
4.7.4. Restrictions at the share level
4.7.5. Restrictions on named pipes (IPC$ share)
4.7.6. Hardcoded named pipes
4.7.7. Named pipes permissions
4.7.8. Named pipes firewall in Windows XP SP2, Windows Server 2003 SP1 and later versions
4.7.9. NULL sessions restrictions settings in Windows 2000
4.7.10. NULL sessions restrictions settings in Windows XP and Windows Server 2003
4.7.11. NULL session restrictions for the samr interface in Windows XP and Windows Server 2003
4.7.12. NULL session restrictions for the lsarpc interface in Windows XP and Windows Server 2003
4.7.13. NULL sessions restrictions for the samr interface on Active Directory domain contollers
4.7.14. NULL sessions restrictions for the lsarpc interface on Active Directory domain contollers
4.7.15. NULL sessions restrictions of server and workstation RPC operations
4.8. MSRPC over TCP/IP
4.8.1. Portmapper RPC service
4.8.2. RPC interfaces supported by the rpcss service
4.8.3. DCOM-related RPC interfaces running in the rpcss service
4.8.4. ORPC interfaces running in the rpcss service
4.9. Windows core MSRPC interfaces
4.9.1. lsarpc interface
4.9.2. samr interface
4.9.3. netlogon interface
4.9.4. drsuapi interface
4.9.5. dssetup interface
4.9.6. eventlog interface
4.9.7. pnp interface
4.9.8. srvsvc interface
4.9.9. svcctl interface
4.9.10. winreg interface
4.9.11. wkssvc interface
4.10. Windows services MSRPC interfaces
4.10.1. Active Directory domain controllers RPC services
4.10.2. Computer Browser service
4.10.3. DCOM Server Process Launcher
4.10.4. Distributed File System service
4.10.5. DNS server
4.10.6. Exchange RPC services
4.10.7. Exchange RPC services in Active Directory domains
4.10.8. File Replication service
4.10.9. IIS services
4.10.10. Inter-site Messaging service
4.10.11. Message Queuing and Distributed Transaction Coordinator services
4.10.12. Messenger service
4.10.13. NetDDE service
4.10.14. RPC locator service
4.10.15. Scheduler service
4.10.16. Spooler service
4.10.17. WINS service
4.11. Other MSRPC interfaces
4.11.1. Application Management service
4.11.2. Certificate services
4.11.3. Client Service for NetWare
4.11.4. Cryptographic Services service
4.11.5. DHCP Client service
4.11.6. DHCP Server service
4.11.7. Distributed Link Tracking Client service
4.11.8. Distributed Link Tracking Server service
4.11.9. DNS Client service - Windows 2000
4.11.10. DNS Client service - Windows XP and later versions
4.11.11. EFS
4.11.12. Fax server
4.11.13. File Server for Macintosh
4.11.14. IPsec Policy Agent service - Windows 2000
4.11.15. IPsec Services service - Windows XP and later versions
4.11.16. License Logging service
4.11.17. Microsoft SQL Server
4.11.18. Protected storage service
4.11.19. Routing and Remote Access service
4.11.20. Secondary Logon service
4.11.21. Security Configuration Editor Engine
4.11.22. SSDP Discovery Service service
4.11.23. System Event Notification service
4.11.24. Telephony service
4.11.25. Terminal Server service
4.11.26. WebClient service
4.11.27. Windows Audio service
4.11.28. Windows File Protection
4.11.29. Windows Security Center
4.11.30. Windows Time service
4.11.31. Winlogon process - Windows 2000
4.11.32. Winlogon process - Windows Server 2003
4.11.33. Wireless Configuration service
4.12. MSRPC interfaces introduced in Windows Vista
4.12.1. Group Policy Client Service
4.12.2. Network Location Awareness
4.12.3. Network Store Interface
4.12.4. Parental controls
4.12.5. Peer Networking Identity Manager
4.12.6. Remote Registry Service
4.12.7. Windows event collector service
4.12.8. Windows event logging service
4.12.9. Windows Firewall
4.12.10. Windows Wireless LAN 802.11 Auto Configuration Service
4.12.11. Wired Autoconfiguration Service
4.13. Implication of multiple RPC services in one process
4.13.1. Win32 services hosting
4.13.2. Example of multiple RPC services in one process
4.13.3. Implications of running multiple RPC services in one process
4.14. RPC services protection
4.15. RPC interfaces restriction in Windows XP SP2, Windows Server 2003 SP1 and later versions
4.16. MSRPC vulnerabilities
4.17. MSRPC network traffic
4.17.1. MSRPC network traffic analysis with Ethereal
4.17.2. MSRPC network traffic analysis in Network Intrusion Prevention Systems
4.17.3. MSRPC network traffic analysis in Firewalls
4.18. DCOM
4.18.1. COM interfaces
4.18.2. DCOM network traffic