Skip to content

Introduction

RPC (Remote Procedure Call) is a protocol that enables a program to execute procedures on a remote system as if they were local. It abstracts the complexities of network communication, making it essential for building distributed applications. RPC allows seamless interaction between client and server components, handling the network communication and data exchange behind the scenes.

RPC Server Exploration

# Connect to RPC server using rpcclient on port 135/TCP with null (anonymous) authentication
rpcclient -U "" -N [TARGET-IP] 
rpcclient -U "[USERNAME]" [TARGET-IP] # With creds 

# Extract information about the display settings of the server
querydispinfo  

# lists all users in the domain cop
rpcclient -U "" -N [TARGET-IP] -c "enumdomusers" > output.txt

# Extract user names from 'output.txt'
cat output.txt | awk -F\[ '{print $2}' | awk -F\] '{print $1}' > users.lst


#Brute Forcing User RIDs
for i in $(seq 500 1100);do rpcclient -N -U "" [TARGET-IP] -c "queryuser 0x$(printf '%x\n' $i)" | grep "User Name\|user_rid\|group_rid" && echo "";done