Enumerate Users Anonymously - RPC

rpcclient

RPC stands for Remote Procedure Call. This is a type of protocol that enables one computer or program to remotely communicate with another computer or program. In the simplest terms, RPCs enable you to connect to a network.

An RPC must be initiated by the client (or requester), which sends a message (or a request) to a remote server (or receiver). Once the server receives the request, it sends a response to the client, and the client continues with the process it was originally running.

rpcclient -U "north.newyork.local\\" 192.168.56.11 -N
enumdomusers
enumdomgroups

Get all domain users:

net rpc group members 'Domain Users' -W 'NORTH' -I '192.168.56.11' -U '%'

Save users to users.txt so we can use it later :)

PreviousEnumerating Users With CME - Anonymously NextEnumerating User with Ldapsearch and enum4linux - Anonymously

Last updated 2 years ago

hashtagrpcclient

hashtagGet all domain users:

hashtagSave users to users.txt so we can use it later :)

rpcclient

Get all domain users:

Save users to users.txt so we can use it later :)