RPC
RPCClient
Connect with a null session (no user, no password), or as a named user (password is prompted for).
rpcclient -U '' -N 10.10.10.10
rpcclient -U 'qu35t' 10.10.10.10

Enumeration
List all users.
enumdomusers
Get information about a user (by RID, in hex).
queryuser 0x450
List all groups.
enumdomgroups
Get information about a group.
querygroup 0x450
Show members of a group.
querygroupmem 0x450
List printers.
enumprinters
List all domains.
enumdomains
Get information about a domain.
querydominfo
Look up the SID for a name.
lookupnames qu35t
Display user information in summary form.
querydisplayinfo
Look up the name for a SID.
lookupsids S-1-5-21-4254423774-1266059056-3197185112-1008
Brute forcing user RIDs (queryuser takes the RID in hex, so each decimal RID is converted with printf).
for i in $(seq 500 1100); do
  rpcclient -N -U "" 10.10.10.10 -c "queryuser 0x$(printf '%x\n' $i)" | grep "User Name\|user_rid\|group_rid" && echo ""
done
With an impacket script.
samrdump.py 10.10.10.10
Set a user's password (setuserinfo2 with info level 23).
setuserinfo2 'qu35t' 23 'NewPassw0rd!'
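The enumdomusers command prints one line per account in the form user:[NAME] rid:[0xHEX]. The following script is an added example, not part of the original cheat sheet: it parses that output into name/decimal-RID pairs so an audit script can map the RIDs it already knows instead of sweeping a range. The enumdomusers output embedded below is constructed sample data, and the account names and RIDs in it are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): turn enumdomusers output into
# "NAME DECIMAL_RID" pairs. The sample output below is constructed.
SAMPLE_ENUMDOMUSERS='user:[Administrator] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[krbtgt] rid:[0x1f6]
user:[qu35t] rid:[0x450]'

# parse_enumdomusers: reads enumdomusers output on stdin and writes
# "name rid_decimal" per line; lines that do not match the format are skipped.
parse_enumdomusers() {
  sed -n 's/^user:\[\([^]]*\)\] rid:\[0x\([0-9a-fA-F]*\)\].*/\1 \2/p' |
  while read -r name hex; do
    # the hex RID from the listing is converted to decimal with POSIX arithmetic
    printf '%s %d\n' "$name" "$((0x$hex))"
  done
}

# rid_of NAME: prints the decimal RID of NAME from the sample, or nothing if absent
rid_of() {
  printf '%s\n' "$SAMPLE_ENUMDOMUSERS" | parse_enumdomusers | awk -v n="$1" '$1 == n { print $2 }'
}

# Usage: rid_of qu35t  (prints 1104, i.e. 0x450)
```

To use it against a live listing, replace the constructed sample with the saved output of rpcclient -c enumdomusers; the decimal RID can then be passed back to queryuser after converting it with printf '%x'.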