Remote Procedure Calls (RPCs) are a generic framework for clients to execute procedures on servers and have the result returned if there is one. Unfortunately, history has shown that RPCs can bevulnerable to buffer overflow attacks that allow attackers to inject malicious code that is executed.To make mattersworse, many RPC services run with elevated privileges giving attackerscomplete control over vulnerable systems. In this Lab, you will gain quite a bit of information via RPC services. You will usea Kali Linuxhost to gain further information abouta Metasploitable 2 host. Both hostsare running as virtual machines in a Hyper-V virtual environment. This Lab is designed for theCREST Practitioner Security Analyst (CPSA) certification examinationbut is of value to security practitioners in general. Upon completion of this Lab you will be able to: This Lab is intended for: You should be familiar with: You can fulfill the prerequisites by completing theLinux Command Line Byte Session Learning Path. November 14th, 2022 - Updated the instructions and screenshots to reflect the latest UI June 1st, 2021 - Added instruction to install missing signature for apt command July 10th, 2020 - Enabled direct browser RDP connection for a streamlined experience July 1st, 2019 - Added instruction to install the missing package on Kali Linux for rpcinfoLearningObjectives
Intended Audience
Prerequisites
Updates
See Also
Web3 Is the Future of the Internet—Here’s Why You Need to Know About ItRPC vs. Messaging – which is faster?What are Nodes and Clients in Ethereum? - GeeksforGeeksgRPC vs REST: A Comparison Guide for 2024