Does Psexec execute Remote Procedure Calls?
I've heard of RPCs and that they get executed via TCP port 135. I just executed ipconfig
via psexec.exe
on a remote PC and wondered if this is a RPC. As I've seen in Wireshark, the whole process is beeing done via SMB port 445 not DCE/RPC port 135.
So I don't really get what a RPC is? Do you guys have any examples for an RPC?
Yes. Psexec issues a remote procedure call to start up the specified process on the foreign machine with the credentials provided.
Although traditionally 445 is used for SMB and 135 is used for DCOM, both can be used by RPC depending on the specifics of the protocol and the objects that are being remotely used.
For this reason it is particularly important that ports 135 and 445 are blocked from the Internet zone.