A very simple RPC server I've developed while studying Windows RPC.
Has cpp and python client implementations as well.
Use x64 native tools command prompt of visual studio.
Generate header files with
midl /app_config rpc_backdoor_server.idl
Compiling server,
cl.exe .\server.cpp .\rpc_backdoor_server_s.c
Running server,
.\server.exe
Compiling client,
cl.exe .\client.cpp .\rpc_backdoor_server_c.c
Running client,
.\client.exe ipconfig
or
python3 client.py whoami
- AES encrypted traffic
- Protected inferfaces, (Only allows anonymous connections now, I might consider adding protected interfaces as well)
- Other protocol sequences
- https://csandker.io/2022/05/24/Offensive-Windows-IPC-3-ALPC.html
- https://csandker.io/2021/02/21/Offensive-Windows-IPC-2-RPC.html
- https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html
- https://sensepost.com/blog/2021/building-an-offensive-rpc-interface/
- https://itm4n.github.io/fuzzing-windows-rpc-rpcview/
- https://itm4n.github.io/from-rpcview-to-petitpotam/
- https://docs.microsoft.com/en-us/windows/win32/rpc/protocol-sequence-constants