Rarely something you can find, but don't skip it.
Null login: rpcclient <IP> -U ''
Try enumdomusers, enumdomgroups, and querydispinfo to enumerate once you are in: rpcclient -U "" -N <IP>
Try without a password: rpcclient -U "" <IP>
Dump: impacket-rpcdump -p 135 <IP>