(MS)RPC
rpcinfo -p $ip
nmap $ip --script=msrpc-enum
nmap -n -v -sV -Pn 192.168.0.101 --script=msrpc-enum
Connect to an RPC share without a username and password and enumerate privileges
rpcclient --user="" --command=enumprivs -N $ip
Connect to an RPC share with a username and enumerate privileges
rpcclient --user="<Username>" --command=enumprivs $ip
rpcclient>srvinfo
rpcclient>enumdomusers
rpcclient>getdompwinfo