Hi, I have written a patch for the rpcinfo command that allows querying the portmapper over UDP instead of TCP. I added a new option (upper-case -P) for this. It was helpful for me during a penetration test and I thought it might be worth adding to the project. Signed-off-by: Leandro Meiners <lmeiners@xxxxxxxxx> Thanks, Leandro Meiners.- -- Leandro Federico Meiners
diff -uprN rpcbind-0.2.0-orig/man/rpcinfo.8 rpcbind-0.2.0/man/rpcinfo.8
--- rpcbind-0.2.0-orig/man/rpcinfo.8 2009-05-29 14:38:22.000000000 +0100
+++ rpcbind-0.2.0/man/rpcinfo.8 2012-07-02 15:25:31.406104938 +0100
@@ -14,6 +14,8 @@
 .Nm "rpcinfo"
 .Fl p Op Ar host
 .Nm "rpcinfo"
+.Fl P Op Ar host
+.Nm "rpcinfo"
 .Fl T Ar transport
 .Ar host Ar prognum
 .Op Ar versnum
@@ -239,7 +241,23 @@ on
 .Ar host
 using version 2 of the
 .Nm rpcbind
-protocol,
+protocol with TCP as the transport protocol,
+and display a list of all registered RPC programs.
+If
+.Ar host
+is not specified, it defaults to the local host.
+Note: Version 2 of the
+.Nm rpcbind
+protocol was previously known as the portmapper protocol.
+.Pp
+.It Fl P
+Probe
+.Nm rpcbind
+on
+.Ar host
+using version 2 of the
+.Nm rpcbind
+protocol with UDP as the transport protocol,
 and display a list of all registered RPC programs.
 If
 .Ar host
diff -uprN rpcbind-0.2.0-orig/src/rpcinfo.c rpcbind-0.2.0/src/rpcinfo.c
--- rpcbind-0.2.0-orig/src/rpcinfo.c 2009-05-29 14:38:22.000000000 +0100
+++ rpcbind-0.2.0/src/rpcinfo.c 2012-07-02 15:25:14.586186540 +0100
@@ -79,7 +79,7 @@
  * Functions to be performed.
  */
 #define NONE 0 /* no function */
-#define PMAPDUMP 1 /* dump portmapper registrations */
+#define PMAPDUMP_TCP 1 /* dump portmapper registrations using TCP*/
 #define TCPPING 2 /* ping TCP service */
 #define UDPPING 3 /* ping UDP service */
 #define BROADCAST 4 /* ping broadcast service */
@@ -90,6 +90,7 @@
 #define RPCBDUMP_SHORT 9 /* dump rpcbind registrations - short version */
 #define RPCBADDRLIST 10 /* dump addr list about one prog */
 #define RPCBGETSTAT 11 /* Get statistics */
+#define PMAPDUMP_UDP 13 /* dump portmapper registrations using UDP*/
 
 struct netidlist {
@@ -117,7 +118,7 @@ struct rpcbdump_short
 static void ip_ping (u_short, char *, int, char **);
 static CLIENT *clnt_com_create (struct sockaddr_in *, u_long, u_long, int *, char *);
-static void pmapdump (int, char **);
+static void pmapdump (int, char **, char *);
 static void get_inet_address (struct sockaddr_in *, char *);
 #endif
 
@@ -161,7 +162,7 @@ main (int argc, char **argv)
 function = NONE;
 errflg = 0;
 #ifdef PORTMAP
-while ((c = getopt (argc, argv, "a:bdlmn:pstT:u")) != -1)
+while ((c = getopt (argc, argv, "a:bdlmn:pPstT:u")) != -1)
 #else
 while ((c = getopt (argc, argv, "a:bdlmn:sT:")) != -1)
 #endif
@@ -173,7 +174,14 @@ main (int argc, char **argv)
 if (function != NONE)
 errflg = 1;
 else
-function = PMAPDUMP;
+function = PMAPDUMP_TCP;
+break;
+
+case 'P':
+if (function != NONE)
+errflg = 1;
+else
+function = PMAPDUMP_UDP;
 break;
 
 case 't':
@@ -270,13 +278,22 @@ main (int argc, char **argv)
 switch (function)
 {
 #ifdef PORTMAP
-case PMAPDUMP:
+case PMAPDUMP_TCP:
 if (portnum != 0)
 {
 usage ();
 return 1;
 }
-pmapdump (argc - optind, argv + optind);
+pmapdump (argc - optind, argv + optind, "tcp");
+break;
+
+case PMAPDUMP_UDP:
+if (portnum != 0)
+{
+usage ();
+return 1;
+}
+pmapdump (argc - optind, argv + optind, "udp");
 break;
 
 case UDPPING:
@@ -344,7 +361,7 @@ local_rpcb (rpcprog_t prog, rpcvers_t ve
 sock = socket (AF_LOCAL, SOCK_STREAM, 0);
 if (sock < 0)
 return NULL;
-
+
 sun.sun_family = AF_LOCAL;
 strcpy (sun.sun_path, _PATH_RPCBINDSOCK);
 nbuf.len = SUN_LEN (&sun);
@@ -517,9 +534,10 @@ ip_ping (portnum, trans, argc, argv)
  * Dump all the portmapper registerations
  */
 static void
-pmapdump (argc, argv)
+pmapdump (argc, argv, trans)
 int argc;
 char **argv;
+char *trans;
 {
 struct sockaddr_in server_addr;
 struct pmaplist *head = NULL;
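Review bot: The new third parameter of pmapdump() should be `const char *`, both in the prototype changed in this hunk, `static void pmapdump (int, char **, const char *);`, and in the K&R definition in the @@ -517 hunk, `const char *trans;`. As far as this patch shows, the only arguments ever passed are the string literals "tcp" and "udp" from main(), and the body in the @@ -541 hunk only reads `trans` through strcmp(), so a non-const `char *` gives up the compiler's check against an accidental write into a literal for no benefit. The declaration block this prototype lives in starts and ends outside the hunk.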
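Review bot: The new PMAPDUMP_UDP case in the switch in main() repeats the PMAPDUMP_TCP case line for line, with only the transport literal differing, so the two labels can share one body: `case PMAPDUMP_TCP:` / `case PMAPDUMP_UDP:` followed by the existing `portnum != 0` usage check and `pmapdump (argc - optind, argv + optind, function == PMAPDUMP_UDP ? "udp" : "tcp");`. That keeps the argument validation in a single place so it cannot drift between the two transports if it is tightened later. main() starts and ends outside the hunk.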
@@ -541,8 +559,20 @@ pmapdump (argc, argv)
 host = argv[0];
 get_inet_address (&server_addr, host);
 server_addr.sin_port = htons (PMAPPORT);
-client = clnttcp_create (&server_addr, PMAPPROG, PMAPVERS,
-&socket, 50, 500);
+if (strcmp (trans, "tcp") == 0)
+{
+client = clnttcp_create (&server_addr, PMAPPROG, PMAPVERS,
+&socket, 50, 500);
+}
+else
+{
+struct timeval to;
+
+to.tv_sec = 5;
+to.tv_usec = 0;
+client = clntudp_create (&server_addr, PMAPPROG, PMAPVERS,
+to, &socket);
+}
 }
 else
 client = local_rpcb (PMAPPROG, PMAPVERS);
@@ -1714,6 +1744,7 @@ usage ()
 fprintf (stderr, "Usage: rpcinfo [-m | -s] [host]\n");
 #ifdef PORTMAP
 fprintf (stderr, " rpcinfo -p [host]\n");
+fprintf (stderr, " rpcinfo -P [host]\n");
 #endif
 fprintf (stderr, " rpcinfo -T netid host prognum [versnum]\n");
 fprintf (stderr, " rpcinfo -l host prognum versnum\n");
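Review bot: In the new `else` branch of pmapdump(), `to` is the retransmission interval passed to clntudp_create(), not an overall timeout, so an unresponsive host is re-sent the request every 5 s until whatever timeout the later clnt_call() uses runs out; a comment such as `/* 5 s between UDP retransmits; total wait is bounded by the clnt_call timeout */` would make that explicit, and the bare `5` deserves a named constant alongside the 50/500 TCP buffer sizes. Because UDP is connectionless, clntudp_create() is expected to succeed even when nothing listens on the port, so the NULL check that presumably follows this block (outside the hunk) will not report a down host for `-P` the way the TCP path does — the failure only surfaces after the retransmits give up. The `else` also treats any value other than "tcp" as UDP; with main() passing only "tcp" or "udp" that is harmless today, but `else if (strcmp (trans, "udp") == 0)` with an explicit error branch would fail loudly if a third transport is ever added. pmapdump() starts and ends outside the hunk.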