RPC (Remote Procedure Call) Enumeration
Connect to an RPC share without a username and password (null session) and enumerate privileges
rpcclient --user="" --command=enumprivs -N $ip
Connect to an RPC share with a username and enumerate privileges
rpcclient --user="<Username>" --command=enumprivs $ip
Banner grabbing and finding publicly known exploits
Run the following nmap scripts
bitcoinrpc-info.nse
metasploit-msgrpc-brute.nse
metasploit-xmlrpc-brute.nse
msrpc-enum.nse
nessus-xmlrpc-brute.nse
rpcap-brute.nse
rpcap-info.nse
rpc-grind.nse
rpcinfo.nse
xmlrpc-methods.nse
Perform RPC enumeration using the rpcinfo tool
Check which NFS folders are exported using the showmount -e command
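Added example, not part of the original page: the output of the rpcinfo and showmount -e steps above can be reviewed from the defender's side. This script lists the RPC services a host has registered and flags NFS exports whose client list allows any host. The function names and the sample output are constructed for illustration; 192.0.2.10 is a documentation address.

```shell
#!/usr/bin/env bash
# Audit saved `rpcinfo -p` and `showmount -e` output from a host you administer.
# All sample data below is constructed (192.0.2.0/24 is a documentation range).

# Constructed sample of `rpcinfo -p <host>` output.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   udp    111  portmapper
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   tcp  40213  nlockmgr
EOF
}

# Constructed sample of `showmount -e <host>` output.
sample_showmount() {
cat <<'EOF'
Export list for 192.0.2.10:
/srv/backups *
/srv/home    192.0.2.0/24
/srv/public  (everyone)
EOF
}

# stdin: rpcinfo -p output. Prints one "service/proto/port" line per unique
# registered RPC service, skipping the header and the portmapper itself.
rpc_services() {
  awk 'NR > 1 && NF >= 5 && $5 != "portmapper" { print $5 "/" $3 "/" $4 }' |
    LC_ALL=C sort -u
}

# stdin: showmount -e output. Prints exports whose client list allows any host.
open_exports() {
  awk 'NR > 1 {
         n = split($2, clients, ",")
         for (i = 1; i <= n; i++)
           if (clients[i] == "*" || clients[i] == "(everyone)" || clients[i] == "0.0.0.0/0") {
             print $1; break
           }
       }'
}

sample_rpcinfo   | rpc_services
sample_showmount | open_exports
```

To audit a real host, pipe the actual command output into the two functions in place of the sample_ functions.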