RPC
Enumeration
List Network Interfaces
Use this script:
Run the following command:
Example:
Once you have the IPv6 address, you can run nmap against it (HTB example). This may reveal more open ports than scanning the IPv4 address.
Domain Users and Groups
These commands should be run from an rpcclient prompt.
Enumerate domain users:
Enumerate domain groups:
Query group information and group membership (the RIDs come from the earlier enumdomgroups command):
Query specific user information (including computer accounts) by RID.
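The steps above produce rpcclient listings of the form "user:[name] rid:[0x1f4]" and "group:[name] rid:[0x200]", and the RIDs from one listing feed the next query. The following is an added example, not part of this page, that parses saved rpcclient output into name-to-RID mappings and flags the well-known Microsoft RIDs (500 Administrator, 512 Domain Admins, and so on), which is useful when reviewing such output since a renamed built-in account still carries its well-known RID. The sample output embedded below is constructed, not captured from a real host.

```python
"""Parse rpcclient enumdomusers / enumdomgroups output into name -> RID maps."""
import re

# Matches lines such as "user:[Administrator] rid:[0x1f4]" and
# "group:[Domain Admins] rid:[0x200]", the line format printed by
# rpcclient's enumdomusers and enumdomgroups commands.
_ENTRY_RE = re.compile(
    r"^(user|group):\[(?P<name>[^\]]*)\]\s+rid:\[(?P<rid>0x[0-9a-fA-F]+)\]\s*$"
)


def parse_rpcclient_listing(text):
    """Return a dict mapping account or group name to its integer RID.

    Lines that do not match the expected format (prompts, errors, blank
    lines) are skipped rather than raising, since saved tool output
    usually contains such noise.
    """
    entries = {}
    for line in text.splitlines():
        m = _ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("name")] = int(m.group("rid"), 16)
    return entries


# Well-known RIDs Microsoft assigns to built-in domain accounts and groups.
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    514: "Domain Guests",
    515: "Domain Computers",
    516: "Domain Controllers",
    519: "Enterprise Admins",
}


def flag_well_known(entries):
    """Return {name: well-known label} for entries whose RID is well known.

    A user listed with RID 500 is the built-in Administrator regardless of
    the name it has been given, so the label is keyed by RID, not by name.
    """
    return {
        name: WELL_KNOWN_RIDS[rid]
        for name, rid in entries.items()
        if rid in WELL_KNOWN_RIDS
    }


# Constructed sample output (not captured from a real host).
SAMPLE_USERS = """\
rpcclient $> enumdomusers
user:[Administrator] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[krbtgt] rid:[0x1f6]
user:[svc_backup] rid:[0x451]
"""

SAMPLE_GROUPS = """\
group:[Domain Admins] rid:[0x200]
group:[Domain Users] rid:[0x201]
group:[Helpdesk] rid:[0x45a]
"""

if __name__ == "__main__":
    users = parse_rpcclient_listing(SAMPLE_USERS)
    groups = parse_rpcclient_listing(SAMPLE_GROUPS)
    for name, rid in sorted(users.items(), key=lambda kv: kv[1]):
        print(f"user  {name:<16} rid={rid} (0x{rid:x})")
    for name, rid in sorted(groups.items(), key=lambda kv: kv[1]):
        print(f"group {name:<16} rid={rid} (0x{rid:x})")
    print("well-known:", flag_well_known({**users, **groups}))
```

The parser accepts both user and group listings so one function serves both steps; RIDs are returned as integers because rpcclient prints them in hex while most documentation and directory tooling refers to them in decimal.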
Password Policy
Get the domain password policy, and the password policy for a specific user:
Password Spraying
Null Session
If null sessions are allowed, you can connect with rpcclient like this: