Link Search Menu Expand Document


MS-RPC client tool (part of the samba suite). More information:

  • Connect to a remote host:

rpcclient --user {{domain}}\{{username}}%{{password}} {{ip}}

  • Connect to a remote host on a domain without a password:

rpcclient --user {{username}} --workgroup {{domain}} --no-pass {{ip}}

  • Connect to a remote host, passing the password hash:

rpcclient --user {{domain}}\{{username}} --pw-nt-hash {{ip}}

  • Execute shell commands on a remote host:

rpcclient --user {{domain}}\{{username}}%{{password}} --command {{semicolon_separated_commands}} {{ip}}

  • Display domain users:

rpcclient $> enumdomusers

  • Display privileges:

rpcclient $> enumprivs

  • Display information about a specific user:

rpcclient $> queryuser {{username|rid}}

  • Create a new user in the domain:

rpcclient $> createdomuser {{username}}