server

rpc::server can be used to start an RPC server. It has the following command line arguments:

  • /stop: terminates the RPC connection

  • /guid: the GUID for the RPC endpoint (opsec safe)

  • /noreg: do not register the RPC binding

  • /secure: only secure connections are accepted

  • /altservice: alter the RPC service name (opsec safe)

  • /negotiate: the default authentication mechanism, GSS_NEGOTIATE (9)

  • /ntlm: use NTLM authentication, WINNT (10)

  • /kerberos: use Kerberos authentication, GSS_KERBEROS (16)

  • /authuser: the user for authentication

  • /authdomain: the domain of the authuser

  • /authpassword: the authuser's password

mimikatz # privilege::debug
Privilege '20' OK
mimikatz # token::elevate
Token Id  : 0
User name :
SID name  : NT AUTHORITY\SYSTEM

752     {0;000003e7} 0 D 44299          NT AUTHORITY\SYSTEM     S-1-5-18        (04g,31p)       Primary
 -> Impersonated !
 * Process Token : {0;002cfce0} 4 F 118309013   hacklab\m3g9tr0n        S-1-5-21-2725560159-1428537199-2260736313-1730  (13g,24p)       Primary
 * Thread Token  : {0;000003e7} 0 D 118617400   NT AUTHORITY\SYSTEM     S-1-5-18        (04g,31p)       Impersonation (Delegation)

An RPC server can be started without an authentication requirement.
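The `token::elevate` output above is the kind of artifact an analyst sees when reviewing a captured console session or a command-line telemetry record. The following Python is an added example (not mimikatz code and not part of the original page) that parses the two `Process Token` / `Thread Token` lines into fields and flags the condition shown in the transcript: a thread impersonating `NT AUTHORITY\SYSTEM` (SID `S-1-5-18`) while the process token belongs to an ordinary domain user. The sample lines are copied from the transcript above; the two single-character columns between the logon id and the handle value are kept raw as `flag1`/`flag2` rather than interpreted, since the page does not define them.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the two token lines mimikatz printed for
# token::elevate in the transcript above (backslashes escaped for Python).
SAMPLE = """\
 * Process Token : {0;002cfce0} 4 F 118309013   hacklab\\m3g9tr0n        S-1-5-21-2725560159-1428537199-2260736313-1730  (13g,24p)       Primary
 * Thread Token  : {0;000003e7} 0 D 118617400   NT AUTHORITY\\SYSTEM     S-1-5-18        (04g,31p)       Impersonation (Delegation)
"""

SYSTEM_SID = "S-1-5-18"

# One regex for both token lines. The account name may contain spaces
# ("NT AUTHORITY\SYSTEM"), so it is matched lazily up to the SID.
TOKEN_RE = re.compile(
    r"^\s*\*\s*(?P<kind>Process|Thread) Token\s*:\s*"
    r"\{(?P<session>[0-9a-f]+);(?P<logon_id>[0-9a-f]+)\}\s+"
    r"(?P<flag1>\S+)\s+(?P<flag2>\S+)\s+(?P<handle>\d+)\s+"
    r"(?P<account>.+?)\s+(?P<sid>S-1-[0-9-]+)\s+"
    r"\((?P<groups>\d+)g,(?P<privs>\d+)p\)\s+"
    r"(?P<type>Primary|Impersonation)(?:\s*\((?P<level>[^)]+)\))?\s*$"
)


@dataclass
class Token:
    kind: str            # "Process" or "Thread"
    session: str         # session id (hex, as printed)
    logon_id: str        # logon id LUID (hex, as printed)
    flag1: str           # raw column, not interpreted here
    flag2: str           # raw column, not interpreted here
    handle: int          # handle value as printed
    account: str         # DOMAIN\user
    sid: str             # account SID
    groups: int          # group count from "(Ng,Mp)"
    privs: int           # privilege count from "(Ng,Mp)"
    type: str            # "Primary" or "Impersonation"
    level: Optional[str] # impersonation level, e.g. "Delegation", if printed


def parse_tokens(text: str) -> List[Token]:
    """Parse every token line in a block of mimikatz console output."""
    tokens = []
    for line in text.splitlines():
        m = TOKEN_RE.match(line)
        if not m:
            continue  # prompts, banners and other lines are skipped
        tokens.append(Token(
            kind=m["kind"], session=m["session"], logon_id=m["logon_id"],
            flag1=m["flag1"], flag2=m["flag2"], handle=int(m["handle"]),
            account=m["account"], sid=m["sid"],
            groups=int(m["groups"]), privs=int(m["privs"]),
            type=m["type"], level=m["level"],
        ))
    return tokens


def system_impersonation_from_user(tokens: List[Token]) -> Optional[Token]:
    """Return the thread token if a non-SYSTEM process is impersonating SYSTEM.

    This is the state token::elevate leaves behind: the process token still
    belongs to the interactive user while the thread token is S-1-5-18 with
    an Impersonation type. Returns None when that pattern is absent.
    """
    process = next((t for t in tokens if t.kind == "Process"), None)
    thread = next((t for t in tokens if t.kind == "Thread"), None)
    if process is None or thread is None:
        return None
    if process.sid == SYSTEM_SID:
        return None  # an actual SYSTEM process impersonating SYSTEM is not notable
    if thread.sid == SYSTEM_SID and thread.type == "Impersonation":
        return thread
    return None


if __name__ == "__main__":
    found = system_impersonation_from_user(parse_tokens(SAMPLE))
    if found:
        print(f"SYSTEM impersonation by user process: level={found.level}, "
              f"logon id={found.logon_id}")
```

The `level` field ("Delegation" in the transcript) is worth surfacing separately in a report: an impersonation token at that level is the most capable kind, so a reviewer usually wants to see it next to the originating user's SID rather than buried in the raw line.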
