Just use a straight RPORT, don't sneak 593.

Incidentally, the endmap scanner doesn't appear to work at all for http-rpc-epmap, so no harm done anyway (tested against Windows 2008 server). It looks like a bigger change than it realy is, thanks to the indentaton changes by removing the itertor. Diff this without whitespace changes to get a better idea of what's actually different.
2013-11-19 13:29:02 -06:00 · 2013-11-19 13:29:02 -06:00 · ac1fb2d1da
parent 4d76e8e9ac
commit ac1fb2d1da
1 changed files with 9 additions and 15 deletions
--- a/lib/msf/core/exploit/dcerpc_epm.rb
+++ b/lib/msf/core/exploit/dcerpc_epm.rb
@ -43,26 +43,20 @@ module Exploit::Remote::DCERPC_EPM
    print_status("Connecting to the endpoint mapper service...")
    begin
      eps   = nil
-      dport = nil
+      dport = datastore['RPORT'] || 135

-      [datastore['RPORT'], 135, 593,].uniq.each do |i|
-        dport = i
-        begin
-          eps = Rex::Socket::Tcp.create(
+      begin
+        eps = Rex::Socket::Tcp.create(
          'PeerHost'  => rhost,
          'PeerPort'  => dport,
          'Proxies'   => proxies,
          'Context'   =>
-            {
-              'Msf'        => framework,
-              'MsfExploit' => self,
-            }
-          )
-
-          break
-
-        rescue ::Exception
-        end
+          {
+            'Msf'        => framework,
+            'MsfExploit' => self,
+          }
+        )
+      rescue ::Exception
      end

      if (not eps)