Just use a straight RPORT, don't sneak 593.

Incidentally, the endmap scanner doesn't appear to work at all for http-rpc-epmap, so no harm done anyway (tested against Windows 2008 server). It looks like a bigger change than it realy is, thanks to the indentaton changes by removing the itertor. Diff this without whitespace changes to get a better idea of what's actually different.
2013-11-19 13:29:02 -06:00 · 2013-11-19 13:29:02 -06:00 · ac1fb2d1da
parent 4d76e8e9ac
commit ac1fb2d1da
1 changed files with 9 additions and 15 deletions
--- a/lib/msf/core/exploit/dcerpc_epm.rb
+++ b/lib/msf/core/exploit/dcerpc_epm.rb
@ -43,10 +43,8 @@ module Exploit::Remote::DCERPC_EPM
    print_status("Connecting to the endpoint mapper service...")
    begin
      eps   = nil
-      dport = nil
+      dport = datastore['RPORT'] || 135

-      [datastore['RPORT'], 135, 593,].uniq.each do |i|
-        dport = i
      begin
        eps = Rex::Socket::Tcp.create(
          'PeerHost'  => rhost,
@ -58,12 +56,8 @@ module Exploit::Remote::DCERPC_EPM
            'MsfExploit' => self,
          }
        )
-
-          break
-
      rescue ::Exception
      end
-      end

      if (not eps)
        print_status("Could not connect to the endpoint mapper service")