Nytro Posted November 21, 2017

RPC Forge

RPC Forge is a local Python fuzzer of Windows RPC interfaces available over ALPC. The fuzzer parses the interface definitions and automatically performs valid calls on the RPC methods.

This is more a PoC than a real fuzzer. Its aim was to forge a valid serialized stream that reaches the RPC methods' code without being rejected by the Windows RPC Runtime (because of bad argument types leading to the error RPC_X_BAD_STUB_DATA). Thus, it doesn't contain any instrumentation on the server side to improve code coverage.

RPC Forge was part of our work on Windows RPC and was introduced at PacSec 2017: A view into ALPC-RPC.

Internal working

1. Select one random interface
2. Connect and bind to it through the epmapper RPC service or a fixed ALPC endpoint name (see Usage)
3. Randomly choose one method
4. Generate valid call arguments according to the method's parameter types, based on the Sulley generator
5. Save the logs (call information) in a local file (depends on config.py)
6. Perform the call with the marshaled (NDR) generated arguments
7. Extract any context_handle from the returned stream (to forge calls expecting a valid context_handle)
8. Loop (to step 1 or step 3)

Deps

PythonForWindows, providing a Python implementation to play with ALPC and RPC.

Source: https://github.com/sogeti-esec-lab/RPCForge
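The steps above (pick a method, generate well-typed arguments, NDR-marshal them, call, harvest returned context handles, loop) can be illustrated with a self-contained simulation. The following is an added example written for this post, not code from RPCForge or PythonForWindows: the interface description, the three parameter types, the simplified NDR encoding and the in-process mock server (which plays the role of the RPC runtime's stub-data check and of a service that hands out context handles) are all constructed for the demonstration. It shows why typed generation matters: every stream the generator builds passes the mock stub check, and handles extracted from OpenThing replies are fed back into later UseThing/CloseThing calls.

```python
import random
import struct
import uuid

# Constructed interface description (not a real Windows interface):
# method name -> ([in] parameter types, [out] parameter types).
# Types modelled: "long" (32-bit signed), "wstring" (conformant/varying
# wchar_t string) and "context_handle" (20-byte NDR context handle:
# 4 attribute bytes followed by a 16-byte UUID).
INTERFACE = {
    "OpenThing": (["wstring", "long"], ["context_handle", "long"]),
    "UseThing": (["context_handle", "long"], ["long"]),
    "CloseThing": (["context_handle"], ["long"]),
}
NULL_HANDLE = b"\x00" * 20


class BadStubData(Exception):
    """Stand-in for the RPC runtime rejecting a stream (RPC_X_BAD_STUB_DATA)."""


def generate_arg(rng, typ, handles):
    """Produce a value that is well-typed for `typ`; reuse harvested handles."""
    if typ == "long":
        return rng.choice([0, 1, -1, 0x7FFFFFFF, -0x80000000, rng.getrandbits(31)])
    if typ == "wstring":
        return "".join(rng.choice("Aa0/\\:%") for _ in range(rng.choice([0, 1, 8, 64])))
    if typ == "context_handle":
        return rng.choice(handles) if handles else NULL_HANDLE
    raise ValueError(typ)


def ndr_marshal(typ, value):
    """Simplified NDR: little-endian, 4-byte aligned (constructed subset of NDR)."""
    if typ == "long":
        return struct.pack("<i", value)
    if typ == "wstring":
        data = value.encode("utf-16-le") + b"\x00\x00"
        count = len(data) // 2
        body = struct.pack("<III", count, 0, count) + data  # max count, offset, actual count
        return body + b"\x00" * (-len(body) % 4)
    if typ == "context_handle":
        return value
    raise ValueError(typ)


def ndr_unmarshal(typ, stream, pos):
    """Decode one value at `pos`; raise BadStubData on malformed input."""
    if typ == "long":
        if pos + 4 > len(stream):
            raise BadStubData("short long")
        return struct.unpack_from("<i", stream, pos)[0], pos + 4
    if typ == "wstring":
        if pos + 12 > len(stream):
            raise BadStubData("short string header")
        maxc, offset, actual = struct.unpack_from("<III", stream, pos)
        end = pos + 12 + 2 * actual
        if offset != 0 or actual != maxc or end > len(stream):
            raise BadStubData("bad string header")
        text = stream[pos + 12:end].decode("utf-16-le").rstrip("\x00")
        return text, end + (-end % 4)
    if typ == "context_handle":
        if pos + 20 > len(stream):
            raise BadStubData("short handle")
        return stream[pos:pos + 20], pos + 20
    raise ValueError(typ)


class MockServer:
    """Toy in-process server: validates the in-stream, hands out context handles."""

    def __init__(self, rng):
        self.rng = rng
        self.open_handles = set()

    def call(self, method, in_stream):
        in_types, _ = INTERFACE[method]
        args, pos = [], 0
        for typ in in_types:
            value, pos = ndr_unmarshal(typ, in_stream, pos)
            args.append(value)
        if pos != len(in_stream):
            raise BadStubData("trailing bytes")
        if method == "OpenThing":
            handle = b"\x00" * 4 + uuid.UUID(int=self.rng.getrandbits(128)).bytes
            self.open_handles.add(handle)
            return ndr_marshal("context_handle", handle) + ndr_marshal("long", 0)
        status = 0 if args[0] in self.open_handles else 6  # 6: invalid handle
        if method == "CloseThing" and status == 0:
            self.open_handles.discard(args[0])
        return ndr_marshal("long", status)


def fuzz(seed, iterations):
    """Steps 3-8 of the loop: pick a method, build args, log, call, harvest handles."""
    rng = random.Random(seed)
    server = MockServer(rng)
    handles, log = [], []
    for _ in range(iterations):
        method = rng.choice(list(INTERFACE))                            # step 3
        in_types, out_types = INTERFACE[method]
        values = [generate_arg(rng, t, handles) for t in in_types]      # step 4
        entry = {"method": method, "args": values, "stub_data_ok": True}
        log.append(entry)                                               # step 5 (before the call)
        try:
            out = server.call(method, b"".join(ndr_marshal(t, v) for t, v in zip(in_types, values)))  # step 6
        except BadStubData:
            entry["stub_data_ok"] = False
            continue
        pos = 0
        for typ in out_types:                                           # step 7
            value, pos = ndr_unmarshal(typ, out, pos)
            if typ == "context_handle" and value != NULL_HANDLE and value not in handles:
                handles.append(value)
    return log, handles


if __name__ == "__main__":
    calls, found = fuzz(seed=1234, iterations=200)
    print(f"{len(calls)} calls, {len(found)} context handles harvested")
```

The log entry is appended before the call is performed, mirroring the order of steps 5 and 6: if the target crashes, the arguments that triggered it are already on disk. The mock server's stub-data check is deliberately strict (offset, counts and trailing bytes), which is what makes the typed generator rather than a byte-level mutator the right tool for reaching method code.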