RPC is a remote procedure call (or a function call that carries out tasks on a different computer). RPC enumeration is the process of discovering what services are running on what port numbers. Enumerating RPC services can aid in finding information leaks because it allows an attacker to map which systems are most vulnerable, potentially to be exploited at some point. Many people often confuse RPC enumeration with finger pointing or scanning for vulnerabilities. They all involve digging for specific information about the target system, but they don’t work exactly the same way. Finger pointing requires a list of systems to scan, while patching is usually done to the server’s software, so it can be more secure. RPC enumeration, on the other hand, involves finding out what type of information is stored in a given system and where that system falls in the network.
Types of RPC services:
- Machine dependencies: Machine dependencies are special files that an application requires in order to work properly. Client-specific dependencies are specific for a client machine on which an application runs. Server-specific dependencies are files that only run on an individual server machine to make sure the requested application runs properly once it is started up.
- Client-specific dependencies: RPC servers make calls to their client’s applications via the RPC interface, which is identified by a transport layer protocol (TCP/IP) port number. This allows the RPC server to use a single port number for both client and server applications. Some RPC services operate on a single port number, while others operate on different ports. For example, RPC services that run on TCP/80 are identified by the port numbers 80 or 8080.
Important Points:
- RPC services or RPC calls have to be saved to a file in order for them to be of use. RPC servers are not necessarily required for the software to run, and client-side applications are not necessarily required for an RPC server to exist.
- RPC is a term used by clients and servers for remote procedure calls within an operating system (OS) or network application, such as an API. It is also a file type in UNIX systems, but it is not required in UNIX OS (such as Linux).
- One point of confusion between RPC dependency enumeration and “finger pointing” is that you are aiming at the machine rather than the service which might be running on the machine.
Key Points:
- RPC is a protocol that makes use of the remote procedure call (RPC) framework. Thus, it is differentiated from other protocols due to its focus on services rather than applications. RPC applications are similar to services, but they are more specific.
- Clients connect to an application over a network in order to run it, while they connect to service once the connection is done. Also, the services that run on a machine via RPC might not necessarily be RPC applications.
- RPC is also an acronym for “Real-time Publish/Subscribe.” This is relevant because Real-time Publish/Subscribe can be used in conjunction with RPC services as well. Also, RPC ports cannot be trusted, so it is possible that there could be another application running on that port aside from the one you intend.
Conclusion:
RPC service enumeration is not the same as finding out what your target’s vulnerabilities are. It is more about taking note of specific information about the network in general. This can involve approaching an RPC server and learning more about it, but you cannot do so without having to first check for vulnerabilities. Every other method for digging for information about something or someone usually involves vulnerability analysis first.