Linux command
rpcclient 命令
网络
复制后可按需替换文件名、目录或参数。
常用示例
Connect
rpcclient -U domain\username%password ip_address
Example
rpcclient -U username -W domain -N ip_address
Example
rpcclient -U domain\username --pw-nt-hash ip_address
Example
rpcclient -U domain\username%password -c "command1;command2" ip_address
Example
rpcclient $> enumdomusers
Example
rpcclient $> queryuser username
Enumerate domain groups
rpcclient $> enumdomgroups
Look up SID
rpcclient $> lookupnames username
Get server info
rpcclient $> srvinfo
Create
rpcclient $> createdomuser username
说明
rpcclient is an MS-RPC client tool from the Samba suite. It allows executing RPC commands against Windows systems and Samba servers for user management, enumeration, and administration. Interactive mode provides a shell for executing RPC commands like enumdomusers, queryuser, and createdomuser.
参数
- -U, --user _user_
- Username for authentication (domain\user%password format)
- -W, --workgroup _domain_
- Workgroup or domain name
- -N, --no-pass
- Connect without password
- --pw-nt-hash
- Password is an NT hash
- -c, --command _commands_
- Execute semicolon-separated commands
- -A, --authentication-file _file_
- Read credentials from file (username, password, domain)
- -k, --kerberos
- Use Kerberos authentication
- -I, --dest-ip _ip_
- Specify destination IP address
FAQ
What is the rpcclient command used for?
rpcclient is an MS-RPC client tool from the Samba suite. It allows executing RPC commands against Windows systems and Samba servers for user management, enumeration, and administration. Interactive mode provides a shell for executing RPC commands like enumdomusers, queryuser, and createdomuser.
How do I run a basic rpcclient example?
Run `rpcclient -U domain\username%password ip_address` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -U, --user _user_ do in rpcclient?
Username for authentication (domain\user%password format)