From aea96a2549ecc080a26b69f7c3b62b83dd534f23 Mon Sep 17 00:00:00 2001 From: Machiavelli <145562237+MachiavelliII@users.noreply.github.com> Date: Mon, 7 Apr 2025 17:17:15 +0200 Subject: [PATCH 1/5] rpcdump.py.md: add page --- pages/common/rpcdump.py.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 pages/common/rpcdump.py.md diff --git a/pages/common/rpcdump.py.md b/pages/common/rpcdump.py.md new file mode 100644 index 00000000000000..0fcb1c809e09ec --- /dev/null +++ b/pages/common/rpcdump.py.md @@ -0,0 +1,25 @@ +# rpcdump.py + +> Dump remote RPC endpoints information via the Endpoint Mapper. +> Part of the Impacket suite. +> More information: . + +- Dump RPC endpoints using username and password: + +`rpcdump.py {{domain}}/{{username}}:{{password}}@{{target}}` + +- Dump RPC endpoints using NTLM hashes: + +`rpcdump.py -hashes {{LMHASH}}:{{NTHASH}} {{domain}}/{{username}}:{{password}}@{{target}}` + +- Specify a target IP address explicitly (useful if the target name is a NetBIOS name): + +`rpcdump.py -target-ip {{target_ip}} {{domain}}/{{username}}:{{password}}@{{target}}` + +- Connect to a specific port (default is 135 for RPC Endpoint Mapper): + +`rpcdump.py -port {{port_number}} {{domain}}/{{username}}:{{password}}@{{target}}` + +- Enable debug output: + +`rpcdump.py -debug {{domain}}/{{username}}:{{password}}@{{target}}` From 426e40ae29dcc8107aba171a3670be885955ab49 Mon Sep 17 00:00:00 2001 From: Machiavelli <145562237+MachiavelliII@users.noreply.github.com> Date: Mon, 7 Apr 2025 17:18:34 +0200 Subject: [PATCH 2/5] impacket-rpcdump: add page --- pages/common/impacket-rpcdump.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 pages/common/impacket-rpcdump.md diff --git a/pages/common/impacket-rpcdump.md b/pages/common/impacket-rpcdump.md new file mode 100644 index 00000000000000..2498ec1613eaf9 --- /dev/null +++ b/pages/common/impacket-rpcdump.md 
@@ -0,0 +1,8 @@ +# impacket-rpcdump + +> This command is an alias of `rpcdump.py`. +> More information: . + +- View documentation for the original command: + +`tldr rpcdump.py` From fdb487d7a3bad966c4a7f0fc1f82ef41f9ea46dd Mon Sep 17 00:00:00 2001 From: Machiavelli <145562237+MachiavelliII@users.noreply.github.com> Date: Mon, 7 Apr 2025 17:45:33 +0200 Subject: [PATCH 3/5] rpcmap.py: add page --- pages/common/rpcmap.py.md | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 pages/common/rpcmap.py.md diff --git a/pages/common/rpcmap.py.md b/pages/common/rpcmap.py.md new file mode 100644 index 00000000000000..88a3a018e1d1fc --- /dev/null +++ b/pages/common/rpcmap.py.md @@ -0,0 +1,37 @@ +# rpcmap.py + +> Lookup listening MSRPC interfaces using a string binding (e.g., `ncacn_ip_tcp:host[port]`). +> Part of the Impacket suite. +> More information: . + +- Connect to an MSRPC interface using a string binding (e.g., `ncacn_ip_tcp:host[port]`): + +`rpcmap.py {{stringbinding}}` + +- Bruteforce UUIDs even if the MGMT interface is available: + +`rpcmap.py -brute-uuids {{stringbinding}}` + +- Bruteforce operation numbers (opnums) for discovered UUIDs: + +`rpcmap.py -brute-opnums {{stringbinding}}` + +- Bruteforce major versions of found UUIDs: + +`rpcmap.py -brute-versions {{stringbinding}}` + +- Specify a target IP address manually: + +`rpcmap.py -target-ip {{ip_address}} {{stringbinding}}` + +- Authenticate to the RPC interface with username and password: + +`rpcmap.py -auth-rpc {{[domain/]username[:password]}} {{stringbinding}}` + +- Authenticate using NTLM hashes for RPC: + +`rpcmap.py -hashes-rpc {{LMHASH:NTHASH}} {{stringbinding}}` + +- Enable debug output for verbose information: + +`rpcmap.py -debug {{stringbinding}}` From b57fab36b0e2efa73cf4eb03c4008156a730a5a1 Mon Sep 17 00:00:00 2001 
From: Machiavelli <145562237+MachiavelliII@users.noreply.github.com> Date: Mon, 7 Apr 2025 18:04:05 +0200 Subject: [PATCH 4/5] impacket-rpcmap: add page --- pages/common/impacket-rpcmap.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 pages/common/impacket-rpcmap.md diff --git a/pages/common/impacket-rpcmap.md b/pages/common/impacket-rpcmap.md new file mode 100644 index 00000000000000..25a8bbaa555a68 --- /dev/null +++ b/pages/common/impacket-rpcmap.md @@ -0,0 +1,8 @@ +# impacket-rpcmap + +> This command is an alias of `rpcmap.py`. +> More information: . + +- View documentation for the original command: + +`tldr rpcmap.py` From 52bd619ffdab0887cf60720d2be46a9ee8c1ea10 Mon Sep 17 00:00:00 2001 From: Machiavelli <145562237+MachiavelliII@users.noreply.github.com> Date: Mon, 7 Apr 2025 18:12:34 +0200 Subject: [PATCH 5/5] rpcmap.py: update page --- pages/common/rpcmap.py.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/common/rpcmap.py.md b/pages/common/rpcmap.py.md index 88a3a018e1d1fc..b16a05c874f36c 100644 --- a/pages/common/rpcmap.py.md +++ b/pages/common/rpcmap.py.md @@ -26,7 +26,7 @@ - Authenticate to the RPC interface with username and password: -`rpcmap.py -auth-rpc {{[domain/]username[:password]}} {{stringbinding}}` +`rpcmap.py -auth-rpc {{domain}}/{{username}}:{{password}} {{stringbinding}}` - Authenticate using NTLM hashes for RPC:
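Review bot: In pages/common/rpcdump.py.md (PATCH 1/5), the `-hashes` example still carries `:{{password}}` in the target string, so one command mixes two credential forms. For a hash-based login the example should read `rpcdump.py -hashes {{LMHASH}}:{{NTHASH}} {{domain}}/{{username}}@{{target}}`. The uppercase `{{LMHASH}}` and `{{NTHASH}}` placeholders also differ in style from `{{target_ip}}` and `{{port_number}}` on the same page; lowercase snake_case such as `{{lm_hash}}:{{nt_hash}}` would match them.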
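Review bot: In pages/common/rpcmap.py.md (PATCH 3/5), the first example repeats the page description almost word for word, including the same `ncacn_ip_tcp:host[port]` hint, so the parenthetical can be dropped from one of the two. Placeholder naming also diverges from rpcdump.py.md in this same series: `-target-ip {{ip_address}}` here against `{{target_ip}}` there, and `-hashes-rpc {{LMHASH:NTHASH}}` as a single placeholder against `{{LMHASH}}:{{NTHASH}}` as two. Settle on one form so the two pages read consistently.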
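Review bot: In the PATCH 5/5 hunk for pages/common/rpcmap.py.md, the new `-auth-rpc {{domain}}/{{username}}:{{password}}` form drops the brackets that the removed line used to mark the domain and password as optional; if that is a deliberate trade for consistency with rpcdump.py.md, the commit message should say so instead of only "update page". The `-hashes-rpc {{LMHASH:NTHASH}}` example added in PATCH 3/5 is left as one placeholder, so the page is still internally inconsistent after this change. Since the file is created earlier in the same series, this one-line fix could be squashed into PATCH 3/5.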