OSCP Notes
(MS)RPC

Enumerate RPC services; the output shows whether any NFS mount is exposed:

rpcinfo -p $ip
nmap $ip --script=msrpc-enum
nmap -n -v -sV -Pn 192.168.0.101 --script=msrpc-enum

Connection

Connect over RPC without a username and password (null session) and enumerate privileges:
rpcclient --user="" --command=enumprivs -N $ip
Connect over RPC with a username and enumerate privileges:
rpcclient --user="<Username>" --command=enumprivs $ip

Command

rpcclient> srvinfo
rpcclient> enumdomusers
rpcclient> getdompwinfo