
MSRPC (135)

https://cheatsheet.haax.fr/network/services-enumeration/135_rpc/

Enumeration with RPCDump

rpcdump.py 10.1.1.68 -p 135

Enumeration with RPCClient

Check users

enumdomusers

Check groups

enumdomgroups

Check which groups a user belongs to. Before enumerating each user's specific groups, look for the users who belong to the most groups; they are the low-hanging fruit.

queryusergroups <User RID>

Resetting a User's Password with RPCClient

To set a user's password with rpcclient, you'd usually use the setuserinfo2 function with a level of 23. The **level** parameter corresponds to the level of user information that you're modifying, and for changing passwords, the relevant level is 23. Level 23 includes all the attributes from level 1 (which provides basic user information) and adds the ability to modify the user's password.

The **setuserinfo** function in **rpcclient** is typically used to modify user account information, but it might not directly support changing passwords. To change a user's password using **rpcclient**, the **setuserinfo2** function with level 23 is the recommended approach.

setuserinfo2 christopher.lewis 23 'Admin!23'
setuserinfo christopher.lewis 23 'Admin!23'
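
Detection side, as an added example that is not part of the original cheat sheet: with User Account Management auditing enabled, a password reset is logged on the domain controller as Security event 4724, and its SubjectLogonId can be joined to the 4624 logon that opened the session to recover the source address. The allowlist of admin hosts, the flattened record layout and every event record below are constructed assumptions.

```python
# Added example: flag password resets issued from a remote, non-admin host.
# Field names follow Windows Security events 4624 (logon) and 4724 (reset attempt).

ADMIN_HOSTS = {"10.1.1.10"}  # assumption: approved help-desk/admin workstation IPs

EVENTS = [  # constructed sample, EventData flattened the way a SIEM export would be
    {"EventID": 4624, "TargetUserName": "helpdesk1", "TargetLogonId": "0x3e7a1",
     "LogonType": 3, "IpAddress": "10.1.1.10"},
    {"EventID": 4724, "SubjectUserName": "helpdesk1", "SubjectLogonId": "0x3e7a1",
     "TargetUserName": "jane.doe"},
    {"EventID": 4624, "TargetUserName": "svc_backup", "TargetLogonId": "0x51c20",
     "LogonType": 3, "IpAddress": "10.1.1.77"},
    {"EventID": 4724, "SubjectUserName": "svc_backup", "SubjectLogonId": "0x51c20",
     "TargetUserName": "christopher.lewis"},
    {"EventID": 4724, "SubjectUserName": "admin2", "SubjectLogonId": "0x9999",
     "TargetUserName": "bob"},  # no matching logon event in the sample
]


def find_suspicious_resets(events, admin_hosts):
    """Join each 4724 to the 4624 session that issued it and flag odd sources."""
    logons = {e["TargetLogonId"]: e for e in events if e["EventID"] == 4624}
    findings = []
    for e in events:
        if e["EventID"] != 4724:
            continue
        session = logons.get(e["SubjectLogonId"])
        if session is None:
            # Cannot attribute the reset to a source: treat the log gap as a finding.
            source, reason = None, "no logon event for session"
        elif session["LogonType"] == 3 and session["IpAddress"] not in admin_hosts:
            # LogonType 3 is a network logon, the kind a remote RPC client creates.
            source, reason = session["IpAddress"], "network logon from non-admin host"
        else:
            continue
        findings.append({"actor": e["SubjectUserName"],
                         "target": e["TargetUserName"],
                         "source": source, "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_resets(EVENTS, ADMIN_HOSTS):
        print(finding)
```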