TCP: RPC - 135 / 593

Connection

Anonymous Login

rpcclient -U "" -N <Target IP Address>

rpcclient -U "" <Target IP Address>

Guest Login

rpcclient -U "guest" <Target IP Address>

Enumerate

NOTE: The following can only be executed if you are in RPC console

Enumerate domain users

enumdomusers

NOTE: The above command returns RID

Get group info

enumdomgroups
querygroup <RID>

Dump detailed user info

queryuser <RID>

Get domain policy

getdompwinfo