Mitigating the DCE/RPC and MSRPC vulnerability

Lara CP 0 reputation points
2024-04-18T07:49:03.74+00:00

Hello,

I need help with a vulnerability that we detected on our servers.

Vulnerability Detection Result

Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:

Port: 49664/tcp

     UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49664]

Port: 49665/tcp

     UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49665]
     Annotation: DHCP Client LRPC Endpoint

     UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49665]
     Annotation: DHCPv6 Client LRPC Endpoint

     UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49665]
     Annotation: Event log TCPIP

Port: 49666/tcp

     UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49666]
     Named pipe : lsass
     Win32 service or process : lsass.exe
     Description : SAM access

     UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49666]
     Annotation: Ngc Pop Key Service

     UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49666]
     Annotation: Ngc Pop Key Service

     UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
     Endpoint: ncacn_ip_tcp:192.168.221.155[49666]
     Annotation: KeyIso

Port: 49667/tcp

     UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49667]

     UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49667]
     Named pipe : spoolss
     Win32 service or process : spoolsv.exe
     Description : Spooler service

     UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49667]

     UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49667]

     UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49667]

Port: 49670/tcp

     UUID: 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]
     Annotation: UserMgrCli

     UUID: 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]
     Annotation: AppInfo

     UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]

     UUID: 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]
     Annotation: Proxy Manager provider server endpoint

     UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]

     UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]
     Annotation: IP Transition Configuration endpoint

     UUID: 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]
     Annotation: AppInfo

     UUID: 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]
     Annotation: AppInfo

     UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]

     UUID: b18fbab6-56f8-4702-84e0-41053293a869, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]
     Annotation: UserMgrCli

     UUID: c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]
     Annotation: Proxy Manager client server endpoint

     UUID: c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]
     Annotation: Adh APIs

     UUID: d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]

     UUID: fb9a3757-cff0-4db0-b9fc-bd6c131612fd, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]
     Annotation: AppInfo

     UUID: fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49670]
     Annotation: AppInfo

Port: 49671/tcp

     UUID: 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49671]
     Annotation: UserMgrCli

     UUID: 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49671]
     Annotation: AppInfo

     UUID: 29770a8f-829b-4158-90a2-78cd488501f7, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49671]

     UUID: 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49671]
     Annotation: Proxy Manager provider server endpoint

     UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49671]
     Annotation: IP Transition Configuration endpoint

     UUID: 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49671]
     Annotation: AppInfo

     UUID: 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49671]
     Annotation: AppInfo

     UUID: b18fbab6-56f8-4702-84e0-41053293a869, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49671]
     Annotation: UserMgrCli

     UUID: c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49671]
     Annotation: Proxy Manager client server endpoint

     UUID: c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49671]
     Annotation: Adh APIs

     UUID: d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49671]

     UUID: fb9a3757-cff0-4db0-b9fc-bd6c131612fd, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49671]
     Annotation: AppInfo

     UUID: fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1
     Endpoint: ncacn_ip_tcp:192.168.221.155[49671]
     Annotation: AppInfo

Port: 49672/tcp

     UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
     Endpoint: ncacn_ip_tcp:192.168.221.155[49672]

1 answer

  1. "K" 0 reputation points
    2024-04-18T19:02:27.08+00:00

    Hello, the forums have helped me a lot, so I will do my bit.

    I managed to mitigate this vulnerability by creating two firewall rules. The first is an inbound rule that allows access to the IP of the Active Directory, and the second is an inbound rule that blocks local TCP port 135. I recommend that you test this in a virtual machine. When you run the scan, that vulnerability is mitigated.

    0 comments
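
The two rules described in the answer, written as PowerShell for Windows Defender Firewall (an added example, not code from the thread). The address in `$Trusted` and the rule display names are placeholders; the block rule is scoped to leave out the trusted address because Windows Firewall applies block rules before allow rules.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on the server.
# $Trusted is a constructed placeholder (documentation address), assumed to be the
# domain controller the answer refers to. IPv4 only; IPv6 sources need their own scope.
$Trusted = '192.0.2.10'

# Every IPv4 source except $Trusted, written as two ranges around it.
# Windows Firewall applies block rules before allow rules, so a block rule with
# RemoteAddress Any would also cut off the trusted host.
$Others = '1.0.0.0-192.0.2.9', '192.0.2.11-255.255.255.255'

# 1. Audit: which enabled inbound rules currently open TCP 135 (RPC endpoint mapper)?
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '135' -or $_.LocalPort -contains 'RPCEPMap' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Action, Profile

# 2. First rule from the answer: inbound allow, scoped to the trusted address.
New-NetFirewallRule -DisplayName 'EPMAP allow trusted host (example)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 135 `
    -RemoteAddress $Trusted -Profile Any

# 3. Second rule from the answer: inbound block on local TCP 135 for everyone else.
New-NetFirewallRule -DisplayName 'EPMAP block other hosts (example)' `
    -Direction Inbound -Action Block -Protocol TCP -LocalPort 135 `
    -RemoteAddress $Others -Profile Any

# 4. Confirm both rules and their remote-address scope.
Get-NetFirewallRule -DisplayName 'EPMAP*' | ForEach-Object {
    [pscustomobject]@{
        Rule   = $_.DisplayName
        Action = $_.Action
        Remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
}

# 5. From a host other than $Trusted, this should now report TcpTestSucceeded : False
#    (<server> is a placeholder for the scanned machine):
#    Test-NetConnection -ComputerName <server> -Port 135
```

These rules cover only the endpoint mapper on TCP 135; the services on ports 49664-49672 listed in the scan are still listening. Any other host that reaches this server through the endpoint mapper loses that access, which is why the answer's advice to test in a virtual machine first applies here.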