Nytro

RPC Forge


RPC Forge

RPC Forge is a local Python fuzzer of Windows RPC interfaces available over ALPC.

The fuzzer parses the interface definitions and automatically performs valid calls on the RPC methods.

This is more a PoC than a real fuzzer. Its aim was to be able to forge a valid serialized stream reaching RPC methods code without being rejected by the Windows RPC Runtime (because of bad arguments type leading to error: RPC_X_BAD_STUB_DATA).

Thus, it doesn't contain any instrumentation on the server side to improve code coverage.

RPC Forge was part of our work on Windows RPC and was introduced at PacSec 2017: A view into ALPC-RPC.

Internal working

  1. Select one random interface
  2. Connect and bind to it through epmapper RPC service or fixed ALPC endpoint name (see Usage)
  3. Randomly choose one method
  4. Generate valid call arguments according to the method parameter types based on Sulley Generator
  5. Save the logs (call information) in a local file (depends on config.py)
  6. Perform the call with marshaled (NDR) generated arguments
  7. Extract any context_handle from the returned stream (to forge calls expecting a valid context_handle)
  8. Loop (Step 1 or Step 3)

Deps

PythonForWindows providing a Python implementation to play with ALPC and RPC.


Source: https://github.com/sogeti-esec-lab/RPCForge
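As an added illustration of steps 4, 6 and 7 of the loop described above (this is not code from the RPCForge project, which relies on PythonForWindows and the Sulley generator), a stand-alone model of type-correct argument generation, NDR marshaling and context_handle extraction. The three parameter types, the sample values and the reply layout are constructed for the example; the ALPC transport and the IDL parsing are not modelled.

```python
import random
import struct

NULL_HANDLE = b"\x00" * 20  # NDR context handle: 4-byte attributes + 16-byte UUID, all zero = NULL

def _align(buf, n):
    buf.extend(b"\x00" * (-len(buf) % n))

def ndr_long(buf, v):
    _align(buf, 4)
    buf += struct.pack("<I", v & 0xFFFFFFFF)

def ndr_wstring(buf, s):
    # [string] wchar_t*: conformant-varying array = max count, offset, actual count, chars + NUL
    n = len(s) + 1
    _align(buf, 4)
    buf += struct.pack("<III", n, 0, n) + s.encode("utf-16-le") + b"\x00\x00"

def ndr_context_handle(buf, h):
    _align(buf, 4)
    buf += h

MARSHAL = {"long": ndr_long, "wstring": ndr_wstring, "context_handle": ndr_context_handle}  # constructed type set

def generate_args(param_types, known_handles, rng=random):
    """Step 4: type-correct values (constructed samples), so the runtime does not reject the stub data."""
    gen = {
        "long": lambda: rng.choice([0, 1, 0x7FFFFFFF, 0xFFFFFFFF, rng.getrandbits(32)]),
        "wstring": lambda: rng.choice(["", "A" * rng.randint(1, 200), "\\\\.\\pipe\\x"]),
        "context_handle": lambda: rng.choice(known_handles) if known_handles else NULL_HANDLE,
    }
    return [gen[t]() for t in param_types]

def marshal_args(param_types, values):
    """Step 6: serialise the arguments as NDR stub data (4-byte alignment between items)."""
    buf = bytearray()
    for t, v in zip(param_types, values):
        MARSHAL[t](buf, v)
    return bytes(buf)

def extract_context_handles(response, out_types):
    """Step 7: walk the [out] parameters of a reply and keep every non-NULL context handle."""
    handles, off = [], 0
    for t in out_types:
        off += -off % 4
        size = 20 if t == "context_handle" else 4  # only these two out types are modelled
        if t == "context_handle" and response[off:off + 20] != NULL_HANDLE:
            handles.append(response[off:off + 20])
        off += size
    return handles
```

Handles collected by `extract_context_handles` feed back into `generate_args` on the next iteration, which is what lets later calls reach methods that require an already-opened context.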
