21 Dec

rpcclient – Help

Name
rpcclient — tool for executing client side MS-RPC functions

Synopsis
rpcclient [-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logdir] [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup] [-I destinationIP] {server}

DESCRIPTION
This tool is part of the samba(7) suite. rpcclient is a utility initially developed to test MS-RPC functionality in Samba itself. It has undergone […]

20 Dec

More with rpcclient

Got asked to help remotely locate local admins on boxes on a network.

rpcclient $> enumalsgroups
Usage: enumalsgroups builtin|domain [access mask]
rpcclient $> enumalsgroups builtin
group:[Administrators] rid:[0x220]
group:[Backup Operators] rid:[0x227]
group:[Guests] rid:[0x222]
group:[Network Configuration Operators] rid:[0x22c]
group:[Power Users] rid:[0x223]
group:[Remote Desktop Users] rid:[0x22b]
group:[Replicator] rid:[0x228]
group:[Users] rid:[0x221]

Now you would think that doing a querygroup […]

05 Dec

Plundering Windows Account Info via **Authenticated** SMB Sessions

Rpcclient is Your Friend!
By Ed Skoudis

I absolutely adore the Server Message Block (SMB) protocol. Sure, it’s ugly and bewilderingly complex. But, what I love is the raw power SMB provides for manipulating Windows environments during a penetration test. Via SMB, you can remotely access file shares, the registry, services, domain authentication, and much […]
