
rpcclient

rpcclient is a command line tool used for making remote procedure calls to Microsoft Windows systems. It is a part of the Samba suite, which provides interoperability between Windows and Unix-like operating systems. The tool allows users to perform various administrative tasks on remote Windows computers by accessing their RPC (Remote Procedure Call) interfaces.

With rpcclient, users can connect to a target Windows system and execute commands remotely, similar to how you would use Telnet or SSH to access a remote machine. It provides a textual interface for interacting with the Windows system, allowing users to execute commands, retrieve information, and perform administrative actions like adding or deleting users, managing shares, and modifying registry settings.

rpcclient supports several RPC interfaces, including the Server Service, Netlogon, SAMR (Security Accounts Manager Remote Protocol), LSA (Local Security Authority), and more. It also supports various authentication mechanisms, allowing users to authenticate themselves before performing any operations on the remote system.

The tool uses the DCE/RPC (Distributed Computing Environment/Remote Procedure Call) protocol, which is a network protocol used for communication between clients and servers in a distributed computing environment. It provides a standardized way for applications to call functions on remote systems.

By leveraging rpcclient, system administrators can automate or script administrative tasks on Windows systems, manage user accounts, troubleshoot network issues, and interact with various Windows services remotely. The tool is particularly useful in environments where both Windows and Unix-like systems exist, making it easier to manage and administer different types of systems from a single interface.

List of commands for rpcclient:

  • Connect to a remote host on a domain without a password.
    $ rpcclient --user ${username} --workgroup ${domain} --no-pass ${ip}
  • Create a new user in the domain.
    $ rpcclient $> createdomuser ${username}
  • Connect to a remote host, passing the password hash.
    $ rpcclient --user ${domain}\${username} --pw-nt-hash ${ip}
  • Connect to a remote host.
    $ rpcclient --user ${domain}\${username}%${password} ${ip}
  • Display information about a specific user.
    $ rpcclient $> queryuser ${select}
  • Display privileges.
    $ rpcclient $> enumprivs
  • Execute shell commands on a remote host.
    $ rpcclient --user ${domain}\${username}%${password} --command ${semicolon_separated_commands} ${ip}
  • Display domain users.
    $ rpcclient $> enumdomusers
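
The account-listing commands above lend themselves to scripted audits; the following is an added example, not part of the original page or of Samba, that parses `enumdomusers` output and reports accounts missing from an approved roster. The function names, the roster file and the sample output are assumptions constructed for illustration; `--authentication-file` is rpcclient's option for reading credentials from a file instead of the command line.

```shell
#!/bin/sh
# Added example (not from the original page): audit the account list that
# `enumdomusers` returns against an approved roster.

# Turn lines such as "user:[alice] rid:[0x451]" (stdin) into
# "<decimal RID><TAB><name>"; banners and error lines are dropped.
parse_enumdomusers() {
    sed -n 's/^user:\[\(.*\)\] rid:\[\(0x[0-9a-fA-F][0-9a-fA-F]*\)\]$/\2 \1/p' |
    while read -r rid name; do
        printf '%d\t%s\n' "$(($rid))" "$name"
    done
}

# Print parsed records whose name is missing from the approved roster
# ($1, one name per line). SAM account names compare case-insensitively.
unexpected_accounts() {
    awk -F '\t' -v roster="$1" '
        BEGIN { while ((getline line < roster) > 0) ok[tolower(line)] = 1 }
        !(tolower($2) in ok)'
}

# Live run against a host you administer. The credentials file keeps the
# password out of the process list, unlike user%password on the command line.
audit_host() {  # $1 = host, $2 = credentials file (mode 0600), $3 = roster
    rpcclient --authentication-file="$2" --command='enumdomusers' "$1" |
        parse_enumdomusers | unexpected_accounts "$3"
}

# Constructed sample output, so the parser can be exercised offline.
sample_enumdomusers() {
    cat <<'EOF'
user:[Administrator] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[alice] rid:[0x451]
user:[svc backup] rid:[0x452]
EOF
}

if [ "$#" -eq 3 ]; then audit_host "$@"; fi
```

The credentials file uses the Samba `username = ...`, `password = ...`, `domain = ...` layout, one setting per line.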