rpcclient enumeration
Try Hard Security Group
Overview of Relative Identifiers (RID) and Security Identifiers (SID)
Relative Identifiers (RID) and Security Identifiers (SID) are key components of Windows operating systems for identifying and managing objects, such as users and groups, within a network domain.
SIDs serve as unique identifiers for domains, ensuring that each domain can be told apart.
RIDs are appended to SIDs to create unique identifiers for objects within those domains. This combination allows object permissions and access control to be tracked and managed precisely.
For example, a user named pepe may have a unique identifier that combines the domain SID with their specific RID, represented in hexadecimal (0x457) and decimal (1111). This results in a complete, unique identifier for pepe within the domain such as: S-1-5-21-1074507654-1937615267-42093643874-1111.
Enumeration with rpcclient
The rpcclient tool from Samba is used to interact with RPC endpoints through named pipes. The commands below can be issued against the SAMR, LSARPC and LSARPC-DS interfaces once an SMB session has been established, which usually requires credentials.
Server Information
To obtain server information, the srvinfo command is used.
Enumeration of Users
Users can be listed with: querydispinfo and enumdomusers.
User details with: queryuser <0xrid>.
A user's groups with: queryusergroups <0xrid>.
A user's SID is obtained through: lookupnames <username>.
A user's aliases with: queryuseraliases [builtin|domain] <sid>.
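As an added illustration (not part of the original page), the following Python parses the user:[name] rid:[0xhex] lines that enumdomusers prints, converts each hexadecimal RID to decimal and appends it to the domain SID (as reported by lsaquery) to form the full object SID, mirroring the pepe example above. The sample output lines and the domain SID are constructed for this example; the same parsing is useful for correlating enumeration results with account names seen in event logs.

```python
import re

# Constructed sample lines in the format rpcclient's enumdomusers prints
# (not captured from a real host).
SAMPLE_ENUMDOMUSERS = """\
user:[Administrator] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[pepe] rid:[0x457]
"""
# Constructed domain SID, as lsaquery would report it for the domain.
SAMPLE_DOMAIN_SID = "S-1-5-21-1074507654-1937615267-42093643874"

USER_LINE = re.compile(r"user:\[(?P<name>[^\]]*)\]\s+rid:\[(?P<rid>0x[0-9a-fA-F]+)\]")
SID_RE = re.compile(r"^S-(?P<rev>\d+)-(?P<auth>\d+)(?P<subs>(?:-\d+)+)$")

def parse_sid(sid):
    """Split a textual SID into (revision, identifier authority, [sub-authorities])."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a SID: {sid!r}")
    subs = [int(s) for s in m.group("subs").strip("-").split("-")]
    return int(m.group("rev")), int(m.group("auth")), subs

def split_domain_and_rid(sid):
    """Return (domain SID, RID): the last sub-authority of an object SID is its RID."""
    rev, auth, subs = parse_sid(sid)
    if len(subs) < 2:
        raise ValueError("SID has no domain part")
    domain = "S-%d-%d-%s" % (rev, auth, "-".join(str(s) for s in subs[:-1]))
    return domain, subs[-1]

def parse_enumdomusers(text):
    """Map username -> RID (decimal) from enumdomusers output; unrelated lines are skipped."""
    users = {}
    for line in text.splitlines():
        m = USER_LINE.search(line)
        if m:
            users[m.group("name")] = int(m.group("rid"), 16)
    return users

def full_sids(domain_sid, users):
    """Combine the domain SID with each RID to form the object SID (domain SID + '-' + RID)."""
    parse_sid(domain_sid)  # validate the shape before appending RIDs
    return {name: f"{domain_sid}-{rid}" for name, rid in users.items()}

if __name__ == "__main__":
    users = parse_enumdomusers(SAMPLE_ENUMDOMUSERS)
    for name, sid in full_sids(SAMPLE_DOMAIN_SID, users).items():
        print(f"{name:<15} rid=0x{users[name]:x} ({users[name]}) {sid}")
```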
Enumeration of Groups
Groups by: enumdomgroups.
Details of a group with: querygroup <0xrid>.
Members of a group through: querygroupmem <0xrid>.
Enumeration of Alias Groups
Alias groups by: enumalsgroups <builtin|domain>.
Members of an alias group with: queryaliasmem builtin|domain <0xrid>.
Enumeration of Domains
Domains using: enumdomains.
A domain's SID is retrieved through: lsaquery.
Domain information is obtained by: querydominfo.
Enumeration of Shares
All available shares by: netshareenumall.
Information about a specific share is fetched with: netsharegetinfo <share>.
Additional Operations with SIDs
SIDs by name using: lookupnames <username>.
More SIDs through: lsaenumsid.
RID cycling to check more SIDs is performed by: lookupsids <sid>.
Extra commands
| Command | Interface | Description |
| --- | --- | --- |
| queryuser | SAMR | Retrieve user information |
| querygroup | SAMR | Retrieve group information |
| querydominfo | SAMR | Retrieve domain information |
| enumdomusers | SAMR | Enumerate domain users |
| enumdomgroups | SAMR | Enumerate domain groups |
| createdomuser | SAMR | Create a domain user |
| deletedomuser | SAMR | Delete a domain user |
| lookupnames | LSARPC | Look up usernames to SID values |
| lookupsids | LSARPC | Look up SIDs to usernames (RID cycling) |
| lsaaddacctrights | LSARPC | Add rights to a user account |
| lsaremoveacctrights | LSARPC | Remove rights from a user account |
| dsroledominfo | LSARPC-DS | Get primary domain information |
| dsenumdomtrusts | LSARPC-DS | Enumerate trusted domains within an AD forest |
To better understand how the samrdump and rpcdump tools work, read Pentesting MSRPC.