2020-10-24 14:06:56 +02:00
|
|
|
# rpcclient
|
|
|
|
|
|
|
|
|
|
> MS-RPC client tool (part of the samba suite).
|
|
|
|
|
> More information: <https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html>.
|
|
|
|
|
|
|
|
|
|
- Connect to a remote host:
|
|
|
|
|
|
2025-04-25 04:34:04 +03:00
|
|
|
`rpcclient {{[-U|--user]}} {{domain}}\{{username}}%{{password}} {{ip}}`
|
2020-10-24 14:06:56 +02:00
|
|
|
|
|
|
|
|
- Connect to a remote host on a domain without a password:
|
|
|
|
|
|
2025-04-25 04:34:04 +03:00
|
|
|
`rpcclient {{[-U|--user]}} {{username}} {{[-W|--workgroup]}} {{domain}} {{[-N|--no-pass]}} {{ip}}`
|
2020-10-24 14:06:56 +02:00
|
|
|
|
|
|
|
|
- Connect to a remote host, passing the password hash:
|
|
|
|
|
|
2025-04-25 04:34:04 +03:00
|
|
|
`rpcclient {{[-U|--user]}} {{domain}}\{{username}} --pw-nt-hash {{ip}}`
|
2020-10-24 14:06:56 +02:00
|
|
|
|
|
|
|
|
- Execute shell commands on a remote host:
|
|
|
|
|
|
2025-04-25 04:34:04 +03:00
|
|
|
`rpcclient {{[-U|--user]}} {{domain}}\{{username}}%{{password}} {{[-c|--command]}} {{semicolon_separated_commands}} {{ip}}`
|
2020-10-24 14:06:56 +02:00
|
|
|
|
|
|
|
|
- Display domain users:
|
|
|
|
|
|
|
|
|
|
`rpcclient $> enumdomusers`
|
|
|
|
|
|
|
|
|
|
- Display privileges:
|
|
|
|
|
|
|
|
|
|
`rpcclient $> enumprivs`
|
|
|
|
|
|
|
|
|
|
- Display information about a specific user:
|
|
|
|
|
|
|
|
|
|
`rpcclient $> queryuser {{username|rid}}`
|
|
|
|
|
|
|
|
|
|
- Create a new user in the domain:
|
|
|
|
|
|
|
|
|
|
`rpcclient $> createdomuser {{username}}`
|
