connect
rpc::connect can be used to connect to an RPC endpoint. It has the following command line arguments:
/alg: the encryption algorithm to use for the connection. The options are 3DES or RC4. By default it uses 3DES.
/remote: the RPC server to connect to
/noauth: no authentication is required to connect to the remote RPC endpoint
/authuser: the user for authentication
/authdomain: the domain of the authuser
/authpassword: the authuser's password
Mimikatz can connect to an RPC server without authentication.
mimikatz # rpc::connect /remote:192.168.0.224 /noauth
[rpc] Remote : 192.168.0.224
[rpc] ProtSeq : ncacn_ip_tcp
[rpc] Endpoint : (null)
[rpc] Service : (null)
[rpc] AuthnSvc : NONE (0)
[rpc] NULL Sess: no
Algorithm: CALG_3DES (00006603)
Endpoint resolution is OK
mimikatz is bound!
To connect to an RPC server that requires authentication, the auth* arguments are needed.
mimikatz # rpc::connect /remote:192.168.0.224 /authuser:m3g9tr0n /authdomain:hacklab.local /authpassword:Super_SecretPass!
[rpc] Remote : 192.168.0.224
[rpc] ProtSeq : ncacn_ip_tcp
[rpc] Endpoint : (null)
[rpc] Service : (null)
[rpc] AuthnSvc : GSS_NEGOTIATE (9)
[rpc] NULL Sess: no
Algorithm: CALG_3DES (00006603)
Endpoint resolution is OK
mimikatz is bound!
To run commands on the remote server through the session initiated with mimikatz, each command should be prefixed with a wildcard (*).
The mimikatz.py script from Impacket can also be used to connect to the RPC server.
Without supplying credentials, mimikatz.py will attempt to start an unauthenticated session.
If the remote RPC endpoint requires authentication, mimikatz.py will need credentials.
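For defenders, the rpc::connect arguments listed above are what shows up in process command-line telemetry when mimikatz is launched with its commands passed as arguments. The following Python is an added example, not code from mimikatz or Impacket: it parses such a command line, reports the authentication mode and algorithm, and redacts the /authpassword value before it reaches an alert. The sample command lines, the C:\Tools path and the finding names are constructed, and argument values are assumed to contain no spaces or quotes.

```python
import re

# Arguments this page documents for rpc::connect.
KNOWN_ARGS = {"alg", "remote", "noauth", "authuser", "authdomain", "authpassword"}

# The command and its arguments, up to a closing quote or end of line.
CONNECT_RE = re.compile(r'rpc::connect\b([^"\r\n]*)', re.IGNORECASE)
# /name or /name:value (assumption: values contain no spaces or quotes).
ARG_RE = re.compile(r'/(\w+)(?::([^\s"]+))?')
PASSWORD_RE = re.compile(r'(/authpassword:)[^\s"]+', re.IGNORECASE)


def parse_rpc_connect(command_line):
    """Return a finding for an rpc::connect invocation, or None if absent."""
    match = CONNECT_RE.search(command_line)
    if match is None:
        return None
    args = {name.lower(): value for name, value in ARG_RE.findall(match.group(1))}

    flags = []
    if "noauth" in args:
        auth = "none"
        flags.append("unauthenticated")
    elif "authuser" in args:
        auth = "explicit"
    else:
        auth = "unspecified"
    if "authpassword" in args:
        flags.append("password-on-command-line")
    alg = (args.get("alg") or "3DES").upper()  # the page gives 3DES as the default
    if alg == "RC4":
        flags.append("rc4")
    flags += ["unknown-argument:" + a for a in sorted(set(args) - KNOWN_ARGS)]

    return {
        "remote": args.get("remote"),
        "auth": auth,
        "alg": alg,
        "flags": flags,
        # Never copy the secret into alerts or tickets.
        "redacted": PASSWORD_RE.sub(r"\1<redacted>", command_line),
    }


# Constructed process-creation command lines (not captured from a real host).
SAMPLE = [
    r'C:\Tools\mimikatz.exe "rpc::connect /remote:192.168.0.224 /noauth" exit',
    r'C:\Tools\mimikatz.exe "rpc::connect /remote:192.168.0.224 /authuser:m3g9tr0n '
    r'/authdomain:hacklab.local /authpassword:Super_SecretPass!" exit',
    r'C:\Windows\System32\whoami.exe /all',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_rpc_connect(line))
```

Commands typed into an interactive mimikatz console do not appear in process-creation events, so this check only covers invocations where the command is on the command line.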