Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-12-20 10:03:51 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md

127 lines
10 KiB
Markdown
Raw Normal View History

Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
# rpcclient enumeration
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
<details>
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
<summary>Support HackTricks</summary>
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
</details>
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
{% endhint %}
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-03-24 12:25:47 +00:00
**Try Hard Security Group**
Translated ['README.md', 'forensics/basic-forensic-methodology/partition
2024-03-14 23:33:23 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-03-26 15:44:24 +00:00
<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
Translated ['README.md', 'forensics/basic-forensic-methodology/partition
2024-03-14 23:33:23 +00:00
{% embed url="https://discord.gg/tryhardsecurity" %}
***
GitBook: [#3559] No subject
2022-10-04 23:49:59 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
### Visão Geral dos Identificadores Relativos (RID) e Identificadores de Segurança (SID)
GitBook: [#3559] No subject
2022-10-04 23:49:59 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
**Identificadores Relativos (RID)** e **Identificadores de Segurança (SID)** são componentes chave nos sistemas operacionais Windows para identificar e gerenciar objetos, como usuários e grupos, dentro de um domínio de rede.
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer
2024-02-08 22:20:49 +00:00
- **SIDs** servem como identificadores únicos para domínios, garantindo que cada domínio seja distinguível.
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
- **RIDs** são anexados aos SIDs para criar identificadores únicos para objetos dentro desses domínios. Essa combinação permite o rastreamento e gerenciamento precisos das permissões e controles de acesso dos objetos.
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer
2024-02-08 22:20:49 +00:00
Por exemplo, um usuário chamado `pepe` pode ter um identificador único combinando o SID do domínio com seu RID específico, representado em formatos hexadecimal (`0x457`) e decimal (`1111`). Isso resulta em um identificador completo e único para pepe dentro do domínio como: `S-1-5-21-1074507654-1937615267-42093643874-1111`.
GitBook: [#3559] No subject
2022-10-04 23:49:59 +00:00
Translated to Portuguese
2023-06-06 18:56:34 +00:00
### **Enumeração com rpcclient**
GitBook: [#3559] No subject
2022-10-04 23:49:59 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
O utilitário **`rpcclient`** do Samba é utilizado para interagir com **pontos finais RPC através de pipes nomeados**. Abaixo estão os comandos que podem ser emitidos para as interfaces SAMR, LSARPC e LSARPC-DS após uma **sessão SMB ser estabelecida**, frequentemente necessitando de credenciais.
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:45:11 +00:00
#### Informações do Servidor
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
* Para obter **Informações do Servidor**: o comando `srvinfo` é utilizado.
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:45:11 +00:00
#### Enumeração de Usuários
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer
2024-02-08 22:20:49 +00:00
* **Usuários podem ser listados** usando: `querydispinfo` e `enumdomusers`.
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:45:11 +00:00
* **Detalhes de um usuário** por: `queryuser <0xrid>`.
* **Grupos de um usuário** com: `queryusergroups <0xrid>`.
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-03-24 12:25:47 +00:00
* **O SID de um usuário é recuperado** através de: `lookupnames <username>`.
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:45:11 +00:00
* **Aliases de usuários** por: `queryuseraliases [builtin|domain] <sid>`.
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
```bash
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:45:11 +00:00
# Users' RIDs-forced
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
for i in $(seq 500 1100); do
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:45:11 +00:00
rpcclient -N -U "" [IP_ADDRESS] -c "queryuser 0x$(printf '%x\n' $i)" | grep "User Name\|user_rid\|group_rid" && echo "";
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
done
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:45:11 +00:00
# samrdump.py can also serve this purpose
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
```
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene
2023-09-03 01:19:04 +00:00
#### Enumeração de Grupos
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:45:11 +00:00
* **Grupos** por: `enumdomgroups`.
* **Detalhes de um grupo** com: `querygroup <0xrid>`.
* **Membros de um grupo** através de: `querygroupmem <0xrid>`.
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene
2023-09-03 01:19:04 +00:00
#### Enumeração de Grupos de Alias
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:45:11 +00:00
* **Grupos de alias** por: `enumalsgroups <builtin|domain>`.
* **Membros de um grupo de alias** com: `queryaliasmem builtin|domain <0xrid>`.
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene
2023-09-03 01:19:04 +00:00
#### Enumeração de Domínios
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:45:11 +00:00
* **Domínios** usando: `enumdomains`.
* **O SID de um domínio é recuperado** através de: `lsaquery`.
* **Informações do domínio são obtidas** por: `querydominfo`.
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene
2023-09-03 01:19:04 +00:00
#### Enumeração de Compartilhamentos
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:45:11 +00:00
* **Todos os compartilhamentos disponíveis** por: `netshareenumall`.
* **Informações sobre um compartilhamento específico são obtidas** com: `netsharegetinfo <share>`.
#### Operações Adicionais com SIDs
* **SIDs por nome** usando: `lookupnames <username>`.
* **Mais SIDs** através de: `lsaenumsid`.
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
* **Ciclo RID para verificar mais SIDs** é realizado por: `lookupsids <sid>`.
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:45:11 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
#### **Comandos extras**
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-02-05 02:45:11 +00:00
| **Comando** | **Interface** | **Descrição** |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
| queryuser | SAMR | Recuperar informações do usuário |
| querygroup | Recuperar informações do grupo | |
| querydominfo | Recuperar informações do domínio | |
| enumdomusers | Enumerar usuários do domínio | |
| enumdomgroups | Enumerar grupos do domínio | |
| createdomuser | Criar um usuário do domínio | |
| deletedomuser | Deletar um usuário do domínio | |
| lookupnames | LSARPC | Procurar nomes de usuários para valores SID[a](https://learning.oreilly.com/library/view/network-security-assessment/9781491911044/ch08.html#ch08fn8) |
| lookupsids | Procurar SIDs para nomes de usuários (ciclo RID[b](https://learning.oreilly.com/library/view/network-security-assessment/9781491911044/ch08.html#ch08fn9)) | |
| lsaaddacctrights | Adicionar direitos a uma conta de usuário | |
| lsaremoveacctrights | Remover direitos de uma conta de usuário | |
| dsroledominfo | LSARPC-DS | Obter informações do domínio primário |
| dsenumdomtrusts | Enumerar domínios confiáveis dentro de uma floresta AD | |
Translated to Portuguese
2023-06-06 18:56:34 +00:00
Para **entender** melhor como as ferramentas _**samrdump**_ **e** _**rpcdump**_ funcionam, você deve ler [**Pentesting MSRPC**](../135-pentesting-msrpc.md).
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
**Try Hard Security Group**
Translated ['README.md', 'forensics/basic-forensic-methodology/partition
2024-03-14 23:33:23 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system
2024-03-26 15:44:24 +00:00
<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
Translated ['README.md', 'forensics/basic-forensic-methodology/partition
2024-03-14 23:33:23 +00:00
{% embed url="https://discord.gg/tryhardsecurity" %}
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
{% hint style="success" %}
Aprenda e pratique Hacking AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Aprenda e pratique Hacking GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
<details>
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
<summary>Support HackTricks</summary>
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
* Confira os [**planos de assinatura**](https://github.com/sponsors/carlospolop)!
* **Junte-se ao** 💬 [**grupo do Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo do telegram**](https://t.me/peass) ou **siga**-nos no **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Compartilhe truques de hacking enviando PRs para os repositórios do** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud).
GitBook: [#3557] No subject
2022-10-04 21:36:29 +00:00
</details>
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 03:59:20 +00:00
{% endhint %}
Reference in a new issue Copy permalink