(MS)RPC

Enumerate RPC services; this shows whether any NFS mount is exposed:

rpcinfo -p $ip
nmap $ip --script=msrpc-enum
nmap -n -v -sV -Pn 192.168.0.101 --script=msrpc-enum
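
An added example (not part of the original page): a helper for auditing your own hosts that reads `rpcinfo -p` output and lists the NFS-related programs registered with the portmapper. The function names and the sample output are constructed; matching uses the standard ONC RPC program numbers 100003 (nfs), 100005 (mountd) and 100021 (nlockmgr).

```shell
#!/bin/sh
# Added example: summarise NFS-related entries in `rpcinfo -p` output.
# Real use: rpcinfo -p "$ip" | nfs_exposure

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   tcp  45123  status
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   udp  38291  nlockmgr
EOF
}

# Read `rpcinfo -p` output on stdin and print one line per NFS-related
# service/proto/port with the versions registered for it.
# Matching is on the RPC program number, so it still works when the
# service-name column is empty. Prints nothing if no NFS program is found.
nfs_exposure() {
    awk '
        BEGIN {
            name[100003] = "nfs"
            name[100005] = "mountd"
            name[100021] = "nlockmgr"
        }
        # Skip the header; keep only rows whose program number is NFS-related.
        $1 ~ /^[0-9]+$/ && ($1 in name) {
            key = name[$1] " " $3 "/" $4
            if (key in vers) {
                vers[key] = vers[key] ",v" $2
            } else {
                order[++n] = key          # remember first-seen order
                vers[key] = "v" $2
            }
        }
        END { for (i = 1; i <= n; i++) print order[i], vers[order[i]] }
    '
}

# Stand-alone run over the constructed sample.
sample_rpcinfo | nfs_exposure
```

An empty result means the portmapper advertised no NFS, mountd or lock-manager program; any line printed names a port to review against the host's export and firewall policy.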

Connection

Connect to an RPC share without a username and password and enumerate privileges

rpcclient --user="" --command=enumprivs -N $ip

Connect to an RPC share with a username and enumerate privileges

rpcclient --user="<Username>" --command=enumprivs $ip

Command

rpcclient>srvinfo
rpcclient>enumdomusers
rpcclient>getdompwinfo
