MS06-025 Microsoft RRAS Service RASMAN Registry Overflow Scanner

Stay Up To Date
Asset Type


Need Membership


Asset Verify


API Support


Estimate Time (Second)


MS06-025 Microsoft RRAS Service RASMAN Registry Overflow Scanner Detail

Detects Microsoft Windows systems with Ras RPC service vulnerable to MS06-025.

MS06-025 targets the RasRpcSumbitRequest() RPC method which is a part of RASRPC interface that serves as a RPC service for configuring and getting information from the Remote Access and Routing service. RASRPC can be accessed using either "\ROUTER" SMB pipe or the "\SRVSVC" SMB pipe (usually on Windows XP machines). This is in RPC world known as "ncan_np" RPC transport. RasRpcSumbitRequest() method is a generic method which provides different functionalities according to the RequestBuffer structure and particularly the RegType field within that structure. RegType field is of enum ReqTypes type. This enum type lists all the different available operation that can be performed using the RasRpcSubmitRequest() RPC method. The one particular operation that this vuln targets is the REQTYPE_GETDEVCONFIG request to get device information on the RRAS.

This script was previously part of smb-check-vulns.

Some Advice for Common Problems

Microsoft has released a set of patches for Windows. Download the latest patch.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service