https://github.com/trustedsec/windows-ms-lsat-rpc-example
Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/trustedsec/windows-ms-lsat-rpc-example
- Owner: trustedsec
- License: mit
- Created: 2023-02-08T14:32:39.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-04T19:34:07.000Z (about 1 year ago)
- Last Synced: 2024-03-26T22:56:56.462Z (10 months ago)
- Topics: c, cpp, rpc, visual-studio, windows
- Language: C
- Homepage:
- Size: 604 KB
- Stars: 23
- Watchers: 4
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
## Windows RPC Example
This repository is a companion to the blog post available at [TrustedSec](https://trustedsec.com/blog/rpc-programming-for-the-aspiring-windows-developer). Its main purpose is to show what calling an RPC function from the code generated from an IDL might look like.
Once you open the solution you will find two projects:
### MS-lsat-poc
This project simply makes two calls to acquire a policy object handle and then attempts to translate a couple of service names to SIDs. Successful translation means the service exists on the target machine. This can be done at a user level as of the writing of this post.
This works because, since Windows Vista, every Windows service has an associated virtual account created with the same name as the service itself. We can take advantage of this to see whether a service with a known name exists. If you want to see how true this is, use `sc create` to create a service on your Windows machine and then call `sc showsid` on that service to see the virtual account's SID.
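The SID that `sc showsid` prints is derived deterministically from the service name, so it can be computed offline. The following added example (not code from this repository) does that and uses the result to label `S-1-5-80-*` SIDs seen in ACLs or logs against a service inventory; the function names and the `ExampleSvc` inventory entry are assumptions made for illustration.

```python
import hashlib

# S-1-5-80 = NT AUTHORITY (5) + SECURITY_SERVICE_ID_BASE_RID (80), the "NT SERVICE\" domain.
SERVICE_SID_PREFIX = "S-1-5-80"


def service_sid(service_name: str) -> str:
    """Derive the per-service SID from the service name alone.

    The name is upper-cased, encoded as UTF-16LE and hashed with SHA-1; the
    20-byte digest is read as five little-endian 32-bit sub-authorities.
    Python's upper() is assumed to match Windows case folding (true for ASCII names).
    """
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    subs = [int.from_bytes(digest[i:i + 4], "little") for i in range(0, 20, 4)]
    return SERVICE_SID_PREFIX + "-" + "-".join(str(s) for s in subs)


def label_service_sids(observed_sids, known_service_names):
    """Map service SIDs found in ACLs or logs back to names from an inventory.

    Returns {sid: name or None} for service SIDs only; None marks a service
    SID that matches no inventoried name and is worth a closer look.
    """
    lookup = {service_sid(name): name for name in known_service_names}
    labelled = {}
    for sid in observed_sids:
        if sid.upper().startswith(SERVICE_SID_PREFIX + "-"):
            labelled[sid] = lookup.get(sid.upper())
    return labelled


if __name__ == "__main__":
    # Constructed sample data: an inventory and SIDs as they might appear in an ACL dump.
    inventory = ["TrustedInstaller", "ExampleSvc"]
    observed = [
        "S-1-5-18",  # LocalSystem, not a service SID, so it is skipped
        "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464",
        service_sid("NotInInventory"),
    ]
    for sid, name in label_service_sids(observed, inventory).items():
        print(f"{sid} -> {name or 'unknown service'}")
```
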
### WindowsRpcHelper
This project is a static library that goes largely unused in MS-lsat-poc. It provides a framework to help with prototyping more standard SMB-based RPC connections. The main function in this library is `make_rpc_request`. It takes all the arguments required to bind an RPC connection and, on success, calls a callback function you specify, passing in a `va_list` that can be unpacked using `va_arg`.
### Credits
[reactos project](https://github.com/reactos/reactos)
[mimikatz](https://github.com/gentilkiwi/mimikatz)
This project will not be maintained beyond its initial release. It is intended purely as a learning tool to accompany the released blog post, and as a helper for others learning RPC. Any pull requests to this repository will be closed without review.