135, 593 MSRPC

RPCdump (Impacket)

The command queries the RPC locator service and individual RPC endpoints to catalog the services running over TCP, UDP, HTTP, and SMB (via named pipes).

Each returned IFID value represents an RPC service.

impacket-rpcdump -p 135 IP

Check for the PrintNightmare vulnerability:

Impacket's rpcdump.py can be used to check for the MS-PAR and MS-RPRN protocols:

impacket-rpcdump -p 135 IP | grep -E "MS-RPRN|MS-PAR"
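An added example, not part of the original page or of Impacket: a small parser that turns saved rpcdump output into per-endpoint records and reports which Print Spooler interfaces are bound to a network transport, so the result can feed a host inventory. The sample text is constructed in the layout rpcdump prints, and the function names are this example's own.

```python
import re

# Constructed sample in the layout impacket-rpcdump prints (not real host output).
SAMPLE = """\
Protocol: [MS-RPRN]: Print System Remote Protocol
UUID    : 12345678-1234-ABCD-EF00-0123456789AB v1.0
Bindings:
          ncacn_ip_tcp:10.0.0.3[49668]
          ncalrpc:[LRPC-constructed]

Protocol: [MS-PAR]: Print System Asynchronous Remote Protocol
UUID    : 76F03F96-CDFD-44FC-A22C-64950A001209 v1.0
Bindings:
          ncacn_ip_tcp:10.0.0.3[49668]

Protocol: [MS-SCMR]: Service Control Manager Remote Protocol
UUID    : 367ABB81-9844-35F1-AD32-98F038001003 v2.0
Bindings:
          ncacn_ip_tcp:10.0.0.3[49669]
"""

SPOOLER = {"MS-RPRN", "MS-PAR"}  # the two protocols the grep above looks for

def parse_rpcdump(text):
    """Split rpcdump output into one dict per endpoint block."""
    endpoints, cur = [], None
    for line in text.splitlines():
        m = re.match(r"Protocol:\s*(?:\[(.+?)\])?", line)
        if m:  # a Protocol line opens a new block; unnamed ones become "N/A"
            cur = {"protocol": m.group(1) or "N/A", "uuid": None, "bindings": []}
            endpoints.append(cur)
        elif cur and line.startswith("UUID"):
            cur["uuid"] = line.split(":", 1)[1].split()[0]
        elif cur and re.match(r"\s+nca\w+:", line):
            cur["bindings"].append(line.strip())
    return endpoints

def spooler_exposure(text):
    """Map each print-spooler protocol found to its non-local (network) bindings."""
    found = {}
    for ep in parse_rpcdump(text):
        if ep["protocol"] in SPOOLER:
            remote = [b for b in ep["bindings"] if not b.startswith("ncalrpc:")]
            found.setdefault(ep["protocol"], []).extend(remote)
    return found

if __name__ == "__main__":
    for proto, bindings in spooler_exposure(SAMPLE).items():
        print(proto, "->", bindings or "local only")
```

A hit means the Print Spooler's RPC interfaces are registered on the host, not that the host is missing the PrintNightmare patches; patch level has to be confirmed separately.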

Nmap

nmap -sV --script msrpc-enum -Pn $IP

RPC Client

Interact with individual RPC endpoints via named pipes. First check whether SMB allows null session access; if a null session is not allowed, a username and password must be provided.

rpcclient -U "" -N 10.0.0.3
