Modifying named pipes

• Most RPC implementations hardcode named pipes for each RPC service

  • Example: MSRPC (Windows implementation), rpcclient, ...

• Named pipe names have to be modified on the fly

  • SMB signing does not exist for NULL sessions
  • netsed is the perfect tool to modify named pipe names
    • thanks to Thomas Seyrat for suggesting it

• Tricks for named pipe name substitution

  • Maintain Unicode encoding
  • Remove \ when the substituted name is one character shorter
  • Add one or several \ when the substituted name is longer