> For the complete documentation index, see [llms.txt](https://tools.thehacker.recipes/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://tools.thehacker.recipes/mimikatz/modules/rpc/server.md). # server `rpc::server` can be used to start an RPC server. It has the following command line arguments: * `/stop`: terminates the RPC connection * `/guid`: the guid for the RPC endpoint (opsec safe) * `/noreg`: to not register the RPC binding * `/secure`: only secure connections are accepted * `/altservice`: alter the rpc service name (opsec safe) * `/negotiate`: the default authentication mechanism `GSS_NEGOTIATE (9)`. * `/ntlm:` use NTLM authentication `WINNT (10)`. * `/kerberos`: use Kerberos authentication `GSS_KERBEROS (16)`. * `/authuser`: the user for authentication * `/authdomain`: the domain of the authuser * `/authpassword`: the authuser's password ``` mimikatz # privilege::debug Privilege '20' OK ``` ``` mimikatz # token::elevate Token Id : 0 User name : SID name : NT AUTHORITY\SYSTEM 752 {0;000003e7} 0 D 44299 NT AUTHORITY\SYSTEM S-1-5-18 (04g,31p) Primary -> Impersonated ! * Process Token : {0;002cfce0} 4 F 118309013 hacklab\m3g9tr0n S-1-5-21-2725560159-1428537199-2260736313-1730 (13g,24p) Primary * Thread Token : {0;000003e7} 0 D 118617400 NT AUTHORITY\SYSTEM S-1-5-18 (04g,31p) Impersonation (Delegation) ``` {% tabs %} {% tab title="Without authentication" %} An RPC server can be started without an authentication requirement. ``` mimikatz # rpc::server [rpc] ProtSeq : ncacn_ip_tcp [rpc] Endpoint : (null) [rpc] Service : (null) [rpc] AuthnSvc : GSS_NEGOTIATE (9) Map Reg.: yes Security: Allow no auth mimikatz # > BindString[0]: ncacn_ip_tcp:DC[61057] > RPC bind registered > RPC Server is waiting! ``` {% endtab %} {% tab title="With authentication" %} An RPC server can be started with an authentication requirement. ``` mimikatz # rpc::server /secure /authuser:m3g9tr0n /authdomain:hacklab.local /authpassword:Super_SecretPass! [rpc] ProtSeq : ncacn_ip_tcp [rpc] Endpoint : (null) [rpc] Service : (null) [rpc] AuthnSvc : GSS_NEGOTIATE (9) Map Reg.: yes Security: Secure only mimikatz # > BindString[0]: ncacn_ip_tcp:DC[61057] > RPC bind registered > RPC Server is waiting! mimikatz # ** Security Callback! ** > ServerPrincName: > AuthnLevel : 6 - PKT_PRIVACY > AuthnSvc : 10 - WINNT > AuthzSvc : 0 ``` {% endtab %} {% endtabs %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://tools.thehacker.recipes/mimikatz/modules/rpc/server.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.