rpcclient
MS-RPC client tool (part of the samba suite). More information: https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html.
-
Connect to a remote host:
rpcclient --user {{domain}}\{{username}}%{{password}} {{ip}}
-
Connect to a remote host on a domain without a password:
rpcclient --user {{username}} --workgroup {{domain}} --no-pass {{ip}}
-
Connect to a remote host, passing the password hash:
rpcclient --user {{domain}}\{{username}} --pw-nt-hash {{ip}}
-
Execute shell commands on a remote host:
rpcclient --user {{domain}}\{{username}}%{{password}} --command {{semicolon_separated_commands}} {{ip}}
-
Display domain users:
rpcclient $> enumdomusers
-
Display privileges:
rpcclient $> enumprivs
-
Display information about a specific user:
rpcclient $> queryuser {{username|rid}}
-
Create a new user in the domain:
rpcclient $> createdomuser {{username}}
License and Disclaimer
The content on this page is copyright © 2014—present the tldr-pages team and contributors.This page is used with permission under Creative Commons Attribution 4.0 International License.
While we do attempt to make sure content is accurate, there isn't a warranty of any kind.