rpcclient:tldr:2ffa4

rpcclient: Connect to a remote host, passing the password hash.
$ rpcclient --user ${domain}\${username} --pw-nt-hash ${ip}

The command uses the "rpcclient" tool to establish an RPC (Remote Procedure Call) session with a remote Windows machine.

Here is a breakdown of each part of the command:

  • "rpcclient": This is the command that executes the rpcclient tool, which provides an interface to interact with remote machines over RPC.

  • "--user ${domain}\${username}": Specifies the username and domain to authenticate with when establishing the RPC session. You need to replace "${domain}" with the actual domain name and "${username}" with the desired username. The format is usually "domain\username".

  • "--pw-nt-hash": Indicates that the password supplied is an NT hash rather than a plaintext password. The NT hash is a one-way hash of the user's password that Windows uses for NTLM authentication.

  • "${ip}": Defines the IP address of the remote machine you want to connect to. You need to replace "${ip}" with the actual IP address of the target machine.

Overall, this command executes rpcclient, provides the necessary credentials (domain, username, and password NT hash), and establishes an RPC session with the specified remote Windows machine (identified by its IP address).

This explanation was created by an AI. In most cases these explanations are correct, but always be careful and never run a command unless you are sure it is safe.