H3dg3h0g's Blog

    msrpc (Microsoft Remote Procedure Call)

    Description

    Enumeration

    rpcclient $IP

    Sometimes the host is old enough to be vulnerable to a null session attack, so it is always a good idea to try connecting over RPC with an empty username and password:

    rpcclient -N -U "" $IP

    Once a session is successfully created, the help command lists the available rpcclient commands. rpcclient also has autocompletion.
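For the defender's side of the null session check above, this added example (not from the original blog) counts successful anonymous network logons per source address from Windows Security event 4624 records. The sample events are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ANONYMOUS_SID = "S-1-5-7"  # well-known SID of the ANONYMOUS LOGON account
NETWORK_LOGON = "3"        # LogonType 3 = network logon (SMB/RPC)

def make_event(sid, logon_type, ip, event_id="4624"):
    """Build one constructed record in the Windows event XML layout."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData><Data Name="TargetUserSid">{sid}</Data>'
            f'<Data Name="LogonType">{logon_type}</Data>'
            f'<Data Name="IpAddress">{ip}</Data></EventData></Event>')

# Constructed sample input (documentation address range, made-up user SID).
SAMPLE_EVENTS = [
    make_event("S-1-5-7", "3", "192.0.2.10"),
    make_event("S-1-5-7", "3", "192.0.2.10"),
    make_event("S-1-5-21-1111111111-2222222222-3333333333-1104", "3", "192.0.2.20"),
    make_event("S-1-5-7", "3", "-"),                             # no source address logged
    make_event("S-1-5-7", "3", "192.0.2.30", event_id="4634"),   # logoff, not a logon
]

def parse_fields(xml_text):
    """Return the EventData name/value pairs plus the EventID."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    fields["EventID"] = root.findtext("e:System/e:EventID", default="", namespaces=NS)
    return fields

def anonymous_network_logons(events):
    """Count successful logons (4624) by the anonymous SID over the network, per source."""
    counts = Counter()
    for xml_text in events:
        f = parse_fields(xml_text)
        if (f["EventID"] == "4624" and f.get("TargetUserSid") == ANONYMOUS_SID
                and f.get("LogonType") == NETWORK_LOGON):
            counts[f.get("IpAddress") or "-"] += 1
    return counts

if __name__ == "__main__":
    for source, n in anonymous_network_logons(SAMPLE_EVENTS).most_common():
        print(f"{source}\t{n} anonymous network logon(s)")
```

Anonymous network logons also occur in normal Windows operation, so the per-source counts are a starting point for triage rather than a verdict.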

    Exploitation