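rpcclient is a tool from the Samba suite. It can log on to a Windows machine remotely and then perform operations on it, provided you have a password for the system.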
[root@centos ~]# rpcclient xx.xx.117.68 -U administrator
Enter administrator's password:
Cannot connect to server. Error was NT_STATUS_ACCOUNT_DISABLED // the account is disabled; the remote host is probably a Windows 7 machine
[root@centos ~]# rpcclient xx.xx.117.42 -U administrator
Enter administrator's password:
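Cannot connect to server. Error was NT_STATUS_ACCOUNT_RESTRICTION // blank-password logon is not allowed; Windows disables blank-password logon to improve security
When logging on to Windows, a failed logon automatically falls back to logging on as guest, but guest is usually disabled.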
[root@centos ~]# rpcclient 192.168.56.101 --user=administrator%sincoder
rpcclient $> getusername // get the name of the currently logged-on user
Account Name: Guest, Authority Name: F07OKKGJOFAX2BS
Enumerate the user names on the remote system
rpcclient $> lsaenumsid
found 12 SIDs
S-1-5-6
S-1-5-4
S-1-5-32-555
S-1-5-32-551
S-1-5-32-547
S-1-5-32-545
S-1-5-32-544
S-1-5-21-2152472544-1540806776-311459245-501
S-1-5-21-2152472544-1540806776-311459245-1001
S-1-5-20
S-1-5-19
S-1-1-0
rpcclient $> lookupsids S-1-5-21-2152472544-1540806776-311459245-501
S-1-5-21-2152472544-1540806776-311459245-501 F07OKKGJOFAX2BS\Guest (1)
rpcclient $> lookupsids S-1-5-21-2152472544-1540806776-311459245-1001
S-1-5-21-2152472544-1540806776-311459245-1001 F07OKKGJOFAX2BS\ASPNET (1)
rpcclient $> lookupsids S-1-1-0
S-1-1-0 \Everyone (5)
rpcclient $> lookupsids S-1-5-6
S-1-5-6 NT AUTHORITY\SERVICE (5)
rpcclient $> lookupsids S-1-5-32-555
S-1-5-32-555 BUILTIN\Remote Desktop Users (4)
.....
If the RPC service on the Windows machine turns out to be unusable, run the Network Setup Wizard on it first.
rpcclient $> enumdomusers
user:[Administrator] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[libvod107] rid:[0x3ec]
user:[SQLDebugger] rid:[0x3eb]
user:[SUPPORT_388945a0] rid:[0x3e9]
rpcclient $> queryuserinfo
command not found: queryuserinfo
rpcclient $> queryuserinfo
command not found: queryuserinfo
// get account information...
rpcclient $> queryuser 0x1f4
User Name : Administrator
Full Name :
Home Drive :
Dir Drive :
Profile Path:
Logon Script:
Description : 管理计算机(域)的内置帐户
Workstations:
Comment :
Remote Dial :
Logon Time : Wed, 27 Mar 2013 09:42:00 CST
Logoff Time : Thu, 01 Jan 1970 08:00:00 CST
Kickoff Time : never
Password last set Time : Wed, 12 Jan 2011 13:17:37 CST
Password can change Time : Wed, 12 Jan 2011 13:17:37 CST
Password must change Time: never
unknown_2[0..31]...
user_rid : 0x1f4
group_rid: 0x201
acb_info : 0x00000210
fields_present: 0x00ffffff
logon_divs: 168
bad_password_count: 0x00000000
logon_count: 0x000001e4
padding1[0..7]...
logon_hrs[0..21]...
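
The acb_info value in the queryuser output above is a bit mask of account-control flags. The following Python is an added example, not part of the original post: it parses queryuser output and decodes the mask using the ACB_* bit values from Samba's samr.idl. The sample input is constructed from a few fields of the output above, and the review rules in audit() are illustrative assumptions.

```python
# Account-control bits from Samba's samr.idl (subset).
ACB_FLAGS = {
    0x00000001: "ACB_DISABLED",
    0x00000004: "ACB_PWNOTREQ",
    0x00000010: "ACB_NORMAL",
    0x00000200: "ACB_PWNOEXP",
    0x00000400: "ACB_AUTOLOCK",
    0x00020000: "ACB_PW_EXPIRED",
}

# Constructed sample: a few fields copied from the queryuser output above.
SAMPLE = """\
User Name : Administrator
Password last set Time : Wed, 12 Jan 2011 13:17:37 CST
Password must change Time: never
user_rid : 0x1f4
acb_info : 0x00000210
"""

def parse_queryuser(text):
    """Split each line on the first colon only; timestamps contain colons."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def decode_acb(value):
    """Names of the known bits set in acb_info, plus any unknown remainder in hex."""
    names = [name for bit, name in sorted(ACB_FLAGS.items()) if value & bit]
    unknown = value & ~sum(ACB_FLAGS)
    if unknown:
        names.append(hex(unknown))
    return names

def audit(fields):
    """Illustrative review rules (assumptions, not a complete policy)."""
    flags = decode_acb(int(fields["acb_info"], 16))
    findings = []
    if "ACB_PWNOEXP" in flags:
        findings.append("password never expires")
    if "ACB_PWNOTREQ" in flags:
        findings.append("password not required")
    if int(fields["user_rid"], 16) == 500 and "ACB_DISABLED" not in flags:
        findings.append("built-in Administrator (RID 500) is enabled")
    return flags, findings

if __name__ == "__main__":
    print(audit(parse_queryuser(SAMPLE)))
```

For the account shown above, 0x00000210 decodes to ACB_NORMAL and ACB_PWNOEXP, which agrees with "Password must change Time: never" in the same output.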