rpcclient

MS-RPC client tool (part of the samba suite). More information: https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html.

Connect to a remote host:

rpcclient --user domain\username%password ip

Connect to a remote host on a domain without a password:

rpcclient --user username --workgroup domain --no-pass ip

Connect to a remote host, passing the password hash:

rpcclient --user domain\username --pw-nt-hash ip

Execute shell commands on a remote host:

rpcclient --user domain\username%password --command semicolon_separated_commands ip

Display domain users:

rpcclient $> enumdomusers

Display privileges:

rpcclient $> enumprivs

Display information about a specific user:

rpcclient $> queryuser username|rid

Create a new user in the domain:

rpcclient $> createdomuser username

Report New Issue View Source