Channel: enumeration and MS DCERPC - Information Security Stack Exchange

enumeration and MS DCERPC


Enumeration, enumeration, and even more enumeration is the generic pentesting mantra, but enumeration is worthless if you can't read the results.

I came across the Windows RPC service, where Metasploit returns results such as:

msf auxiliary(endpoint_mapper) > run

[*] Connecting to the endpoint mapper service...
[*] 12345778-1234-abcd-ef00-0123456789ac v1.0 TCP (49179) 192.168.41.221
[*] 2f5f6521-cb55-1059-b446-00df0bce31db v1.0 PIPE (\pipe\tapsrv) \\XXXXX [Unimodem LRPC Endpoint]
[*] 2f5f6521-cb55-1059-b446-00df0bce31db v1.0 LRPC (tapsrvlpc) [Unimodem LRPC Endpoint]
[*] 2f5f6521-cb55-1059-b446-00df0bce31db v1.0 LRPC (unimdmsvc) [Unimodem LRPC Endpoint]
[*] 906b0ce0-c70b-1067-b317-00dd010662da v1.0 LRPC (LRPC-d08ef1fa6d632a075d)
[*] 906b0ce0-c70b-1067-b317-00dd010662da v1.0 LRPC (LRPC-d08ef1fa6d632a075d)
[*] 906b0ce0-c70b-1067-b317-00dd010662da v1.0 LRPC (LRPC-d08ef1fa6d632a075d)
[*] 906b0ce0-c70b-1067-b317-00dd010662da v1.0 LRPC (LRPC-d08ef1fa6d632a075d)
[*] 906b0ce0-c70b-1067-b317-00dd010662da v1.0 LRPC (OLEEE86D47927814F3C96D95E0A7601)
[*] 906b0ce0-c70b-1067-b317-00dd010662da v1.0 LRPC (LRPC-bec9533644f8432732)
[*] 367abb81-9844-35f1-ad32-98f038001003 v2.0 TCP (49164) 192.168.41.221
[*] 12345678-1234-abcd-ef00-0123456789ab v1.0 LRPC (LRPC-9d7905a8727cb4e919) [IPSec Policy agent endpoint]
[*] 50abc2a4-574d-40b3-9d66-ee4fd5fba076 v5.0 TCP (49155) 192.168.41.221
...

or

msf auxiliary(management) > run

[*] UUID e1af8308-5d1f-11c9-91a4-08002b14a0fa v3.0
[*] Remote Management Interface Error: DCERPC FAULT => nca_s_fault_ndr
[*]      listening: 00000000
[*]      killed: 00000005
[*]      name: 00010000000000000100000000000000d3060000
[*] UUID 0b0a6584-9e0f-11cf-a3cf-00805f68cb1b v1.1
[*] Remote Management Interface Error: DCERPC FAULT => nca_s_fault_ndr
[*]      listening: 00000000
[*]      killed: 00000005
[*]      name: 00010000000000000100000000000000d3060000
...

or

msf auxiliary(tcp_dcerpc_auditor) > run

192.168.41.221 - UUID 99fcfec4-5260-101b-bbcb-00aa0021347a 0.0 OPEN VIA 135 ACCESS GRANTED 00000000000000000000000000000000000000000000000076070000
192.168.41.221 - UUID afa8bd80-7d8a-11c9-bef4-08002b102989 1.0 OPEN VIA 135 ACCESS GRANTED
000002000c0000000c00000004000200080002000c0002001000020014000200180002001c0002002000020024000200280002002c000200300002000883afe11f5dc91191a408002b14a0fa0300000084650a0b0f9ecf11a3cf00805f68cb1b0100010026b5551d37c1c546ab79638f2a68e86901000000e6730ce6f988cf119af10020af6e72f402000000c4fefc9960521b10bbcb00aa0021347a00000000609ee7b9523dce11aaa100006901293f000002001e242f412ac1ce11abff0020af6e7a17000002003601000000000000c0000000000000460000000072eef3c67eced111b71e00c04fc3111a01000000b84a9f4d1c7dcf11861e0020af6e7c5700000000a001000000000000c000000000000046000000007f0bfe64f59e5345a7db9a19757775540100000000000000

However, I have no idea what to do with this information. Sample #1 seems to be kind of useful, but anyway: How would this information help an attacker to plan his next move? What is Metasploit telling me here?
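
An added example, not part of the original post and not Metasploit code: a parser for the endpoint_mapper line format shown in sample #1 that de-duplicates the entries and separates interfaces bound to a network transport (TCP port or named pipe) from LRPC endpoints, which are local inter-process endpoints only. The regular expression, the function names and the "remote"/"local" grouping are assumptions derived from the sample lines above.

```python
import re
from collections import defaultdict

# Sample input: lines taken from the post's endpoint_mapper output, wrapped lines rejoined.
SAMPLE = r"""
[*] 12345778-1234-abcd-ef00-0123456789ac v1.0 TCP (49179) 192.168.41.221
[*] 2f5f6521-cb55-1059-b446-00df0bce31db v1.0 PIPE (\pipe\tapsrv) \\XXXXX [Unimodem LRPC Endpoint]
[*] 2f5f6521-cb55-1059-b446-00df0bce31db v1.0 LRPC (tapsrvlpc) [Unimodem LRPC Endpoint]
[*] 906b0ce0-c70b-1067-b317-00dd010662da v1.0 LRPC (LRPC-d08ef1fa6d632a075d)
[*] 906b0ce0-c70b-1067-b317-00dd010662da v1.0 LRPC (LRPC-d08ef1fa6d632a075d)
[*] 367abb81-9844-35f1-ad32-98f038001003 v2.0 TCP (49164) 192.168.41.221
[*] 12345678-1234-abcd-ef00-0123456789ab v1.0 LRPC (LRPC-9d7905a8727cb4e919) [IPSec Policy agent endpoint]
"""

# Assumed line layout: "[*] <uuid> v<major.minor> <PROTO> (<endpoint>) <host> [<annotation>]"
LINE = re.compile(
    r"^\[\*\]\s+(?P<uuid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\s+"
    r"v(?P<ver>\d+\.\d+)\s+(?P<proto>[A-Z]+)\s+\((?P<endpoint>[^)]*)\)"
    r"(?P<rest>.*)$", re.I)

REMOTE = {"TCP", "PIPE"}  # transport labels from the sample that are reachable over the network

def parse_epm(text):
    """Group endpoint-mapper lines by (uuid, version); duplicates collapse into sets."""
    ifaces = defaultdict(lambda: {"remote": set(), "local": set(), "other": set(), "note": ""})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner lines, "..." and blanks
        entry = ifaces[(m["uuid"].lower(), m["ver"])]
        proto = m["proto"].upper()
        bucket = "remote" if proto in REMOTE else "local" if proto == "LRPC" else "other"
        entry[bucket].add((proto, m["endpoint"]))
        note = re.search(r"\[([^\]]+)\]\s*$", m["rest"])
        if note:
            entry["note"] = note.group(1)
    return dict(ifaces)

def network_exposed(ifaces):
    """Interfaces with at least one TCP or named-pipe binding, sorted by UUID."""
    return sorted((u, v, sorted(e["remote"])) for (u, v), e in ifaces.items() if e["remote"])

if __name__ == "__main__":
    for uuid, ver, bindings in network_exposed(parse_epm(SAMPLE)):
        print(uuid, "v" + ver, bindings)
```

The interfaces this prints are the ones to compare against host firewall rules and the services expected on the machine; interfaces that appear only in the "local" group cannot be reached from another host through this mapping.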

