Comment on page

(MS)RPC

Enumerate, shows if any NFS mount exposed:
rpcinfo -p $ip
nmap $ip --script=msrpc-enum
nmap -n -v -sV -Pn 192.168.0.101 --script=msrpc-enum
Connection
Connect to an RPC share without a username and password and enumerate privledges
rpcclient --user="" --command=enumprivs -N $ip
Connect to an RPC share with a username and enumerate privledges
rpcclient --user="<Username>" --command=enumprivs $ip
Command
rpcclient>srvinfo
rpcclient>enumdomusers
rpcclient>getdompwinfo

Services Enumeration - Previous

Finger

Next - Password attack (Brute-force)

Brute-force service password

Last modified 3yr ago