RPC

• Usually on port 135, 593

Enumerate RPC

rpcclient

• rpcclient -U "" -c "enumdomusers" -N 10.10.10.161 enumerate users

• rpcclient -U "" -c "enumprivs" -N 10.10.10.161 enumerate privileges

• Get domain info rpcclient -U "" -c "querydominfo" -N 10.10.10.161

• rpcclient -U "" -c "enumdomgroups" -N 10.10.10.161 enumerate group

Resources

Active Directory Enumeration: RPCClient - Hacking ArticlesHacking Articles

Active Directory Enumeration: RPCClient

135, 593 - Pentesting MSRPCHackTricks

Pentesting MSRPC