More with rpcclient
Got asked to help remotely locate local admins on boxes on a network. rpcclient $> enumalsgroups Usage: enumalsgroups builtin|domain [access mask] rpcclient $> enumalsgroups builtin group:[Administrators] rid:[0x220] group:[Backup Operators] rid:[0x227] group:[Guests] rid:[0x222] group:[Network Configuration Operators] rid:[0x22c] group:[Power Users] rid:[0x223] group:[Remote Desktop Users] rid:[0x22b] group:[Replicator] rid:[0x228] group:[Users] rid:[0x221] Now you would think that doing a querygroup […]
read more »