TCP: RPC - 135 / 593
Connection
Anonymous Login
rpcclient -U "" -N <Target IP Address>rpcclient -U "" <Target IP Address>Guest Login
rpcclient -U "guest" <Target IP Address>Enumerate
NOTE: The following can only be executed if you are in RPC console
Enumerate domain users
enumdomusersNOTE: The above command returns RID
Get group info
enumdomgroups
querygroup <RID>Dump detailed user info
queryuser <RID>Get domain policy
getdompwinfoLast updated