Tib3rius / AutoRecon

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

rpcclient doesn't run on port 445. ENV HTB Forest

A1vinSmith opened this issue · comments

Global search for rpcclient. It shows that it ran on port 135 but not 445.

Searching 150 files for "rpcclient"
/results/10.129.95.210/scans/_manual_commands.txt:
   13  	[-] RPC Client:
   14  
   15: 		rpcclient -p 135 -U "" 10.129.95.210
   16  
   17  [*] netbios-ssn on tcp/139
   ..
  311  	[-] RPC Client:
  312  
  313: 		rpcclient -p 49664 -U "" 10.129.95.210
  314  
  315  [*] msrpc on tcp/49665
  ...
  317  	[-] RPC Client:
  318  
  319: 		rpcclient -p 49665 -U "" 10.129.95.210
  320  
  321  [*] msrpc on tcp/49666
  ...
  323  	[-] RPC Client:
  324  
  325: 		rpcclient -p 49666 -U "" 10.129.95.210
  326  
  327  [*] msrpc on tcp/49667
  ...
  329  	[-] RPC Client:
  330  
  331: 		rpcclient -p 49667 -U "" 10.129.95.210
  332  
  333  [*] msrpc on tcp/49671
  ...
  335  	[-] RPC Client:
  336  
  337: 		rpcclient -p 49671 -U "" 10.129.95.210
  338  
  339  [*] msrpc on tcp/49681
  ...
  341  	[-] RPC Client:
  342  
  343: 		rpcclient -p 49681 -U "" 10.129.95.210
  344  
  345  [*] msrpc on tcp/49685
  ...
  347  	[-] RPC Client:
  348  
  349: 		rpcclient -p 49685 -U "" 10.129.95.210
  350  
  351  [*] msrpc on tcp/49701
  ...
  353  	[-] RPC Client:
  354  
  355: 		rpcclient -p 49701 -U "" 10.129.95.210
  356  
  357  [*] msrpc on tcp/55571
  ...
  359  	[-] RPC Client:
  360  
  361: 		rpcclient -p 55571 -U "" 10.129.95.210
  362  
  363  
/Forest/results/10.129.95.210/scans/tcp139/enum4linux.txt:
    <binary>

I don't know why it skips running rpcclient on port 445. This is how I do it manually on HTB Forest.

❯ export IP=10.129.95.210

❯ rpcclient -U "" -N $IP
rpcclient $> ^C

❯ rpcclient -U "" -N $IP -p 135
Cannot connect to server.  Error was NT_STATUS_IO_TIMEOUT

❯ rpcclient -U "" -N $IP -p 445
rpcclient $> ^C

Alternatively, I think crackmapexec smb $IP --users would be nice as well.
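The manual session above shows the underlying point: Samba's rpcclient speaks DCERPC over SMB named pipes, so it works with the default port (445) and with -p 445, while -p 135 (the RPC endpoint mapper, which is not an SMB listener) times out. The following is an added example, not AutoRecon's code, showing how a manual-command generator can key rpcclient off the SMB services (netbios-ssn on 139, microsoft-ds on 445) rather than off msrpc ports. The nmap greppable (-oG) line and the host 10.129.95.210 are constructed for the example; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of AutoRecon): derive rpcclient/crackmapexec manual
# commands from an nmap -oG "Ports:" line, keyed on SMB services.

# Constructed sample -oG line (not a real scan capture): a handful of ports
# in the shape nmap -oG emits, port/state/proto//service///.
SAMPLE_GNMAP='Host: 10.129.95.210 ()  Ports: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 49664/open/tcp//msrpc///'

# ports_matching GNMAP_LINE SERVICE_REGEX
# Prints, one per line, the open TCP ports whose nmap service name matches
# the extended regex in $2.
ports_matching() {
    printf '%s\n' "$1" | grep -oE '[0-9]+/open/tcp//[^/,]*' |
    while IFS=/ read -r port _state _proto _empty svc; do
        if printf '%s\n' "$svc" | grep -qE "$2"; then
            printf '%s\n' "$port"
        fi
    done
}

# rpc_manual_commands HOST GNMAP_LINE
# Emits rpcclient (null session, no password prompt) for every SMB port,
# which is the transport rpcclient actually uses; msrpc ports such as 135
# and the 49xxx dynamic range get no rpcclient line, because rpcclient
# has no SMB endpoint to negotiate with there and just times out.
rpc_manual_commands() {
    host=$1
    gnmap=$2
    smb_ports=$(ports_matching "$gnmap" '^(microsoft-ds|netbios-ssn)$')
    for p in $smb_ports; do
        printf 'rpcclient -p %s -U "" -N %s\n' "$p" "$host"
    done
    # The crackmapexec user enumeration suggested in the issue, once per
    # host, only when the standard SMB port is open.
    for p in $smb_ports; do
        if [ "$p" = 445 ]; then
            printf 'crackmapexec smb %s --users\n' "$host"
        fi
    done
}

# Stand-alone usage: print the commands for the constructed sample.
rpc_manual_commands 10.129.95.210 "$SAMPLE_GNMAP"
```

The service-name regex is the only thing an AutoRecon service plugin would need to change for rpcclient to be suggested on 139/445: matching `^(microsoft-ds|netbios-ssn)$` instead of `msrpc`.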

@A1vinSmith Ah ok, so rpcclient should run against SMB? Just checking I've got that right.

I'll see that crackmapexec gets added too.

Hi @Tib3rius , yeah rpcclient should run against SMB. Why not? 🙂

Another case where rpcclient needs to run on TCP 445 microsoft-ds: HTB Monteverde.