impacket-sambapipe

Access named pipe on a remote SMB share

$ impacket-sambapipe '[domain]/[user]:[password]@[192.168.1.100]' '[pipename]'

$ impacket-sambapipe -hashes ':[nthash]' '[domain]/[user]@[192.168.1.100]' '[pipename]'

$ impacket-sambapipe -k -no-pass '[domain]/[user]@[target]' '[pipename]'

impacket-sambapipe [-h] [-hashes LMHASH:NTHASH] [-no-pass] [-k] [-aesKey KEY] [-dc-ip IP] target pipe

impacket-sambapipe connects to named pipes on remote Windows systems via SMB. Named pipes are used for inter-process communication in Windows and many services expose functionality through pipes.
This tool is useful for interacting with services that communicate through named pipes, testing pipe accessibility, or as part of more complex attack chains involving pipe communication.

-hashes LMHASH:NTHASH

Use NTLM hashes for authentication instead of password

Don't ask for password (useful with -k)

Use Kerberos authentication from ccache file

AES key to use for Kerberos authentication

IP address of the domain controller (for Kerberos)

Requires appropriate permissions to access the named pipe. Some pipes require administrative access. The pipe must exist and be accessible on the target system.

Part of the Impacket library by SecureAuth. Named pipe access is fundamental to many Windows protocols and services, making this tool useful for various testing scenarios.

impacket-smbclient(1), smbclient(1), rpcclient(1)