← 返回命令列表

Linux command

impacket-rpcmap 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Enumerate RPC endpoints

impacket-rpcmap '[domain]/[user]:[password]@[192.168.1.100]'

Enumerate RPC endpoints

impacket-rpcmap -no-pass '[192.168.1.100]'

Enumerate using NTLM hash

impacket-rpcmap -hashes ':[nthash]' '[domain]/[user]@[192.168.1.100]'

Scan a specific port

impacket-rpcmap -port [135] '[domain]/[user]:[password]@[192.168.1.100]'

Brute-force operation numbers

impacket-rpcmap -brute-opnums '[domain]/[user]:[password]@[192.168.1.100]'

Use a specific RPC transport

impacket-rpcmap 'ncacn_ip_tcp:[192.168.1.100]'

说明

impacket-rpcmap scans for listening DCE/RPC interfaces on a target system. It can query the RPC endpoint mapper (typically on port 135) or probe specific ports directly using various RPC transports (ncacn_ip_tcp, ncacn_np, ncacn_http). The tool connects to the endpoint mapper (typically on port 135) and retrieves the list of registered RPC interfaces, including their UUIDs, versions, and binding information.

参数

-port _PORT_
Target port to query (default: 135)
-hashes _LMHASH:NTHASH_
Use NTLM hashes for authentication instead of password
-no-pass
Don't ask for password
-k
Use Kerberos authentication from ccache file
-aesKey _KEY_
AES key to use for Kerberos authentication
-brute-opnums
Brute-force operation numbers for each discovered interface
-brute-uuids
Brute-force UUIDs to find hidden interfaces
-auth-level _LEVEL_
Authentication level (1-6, default: 6/PKT_PRIVACY)

FAQ

What is the impacket-rpcmap command used for?

impacket-rpcmap scans for listening DCE/RPC interfaces on a target system. It can query the RPC endpoint mapper (typically on port 135) or probe specific ports directly using various RPC transports (ncacn_ip_tcp, ncacn_np, ncacn_http). The tool connects to the endpoint mapper (typically on port 135) and retrieves the list of registered RPC interfaces, including their UUIDs, versions, and binding information.

How do I run a basic impacket-rpcmap example?

Run `impacket-rpcmap '[domain]/[user]:[password]@[192.168.1.100]'` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -port _PORT_ do in impacket-rpcmap?

Target port to query (default: 135)