# 135, 593 MSRPC

#### RPCdump (Impacket)

The command queries RPC locator service and individual RPC endpoints to catalog services running over TCP, UDP, HTTP, and SMB (via named pipes).

Each returned IFID value represents an RPC service.

```
impacket-rpcdump -p 135 IP
```

Check for **Printer Nightmare** vulnerability:

Impacket's `rpcdump.py` can be used to check for `MS-PAR` and `MS-RPRN` protocols:

```
impacket-rpcdump -p 135 IP | grep -E "MS-RPRN|MS-PAR"
```

#### Nmap

```
nmap -sV -script msrpc-enum -Pn $IP
```

#### RPC Client

Interact with individual RPC endpoints via named pipes. Check for Null Session access to SMB. If null session is not allowed, then username and password must be provided.

```
rpcclient -U "" -N 10.0.0.3
```