rpcclient

Connect to a remote host

$ rpcclient [[-U|--user]] [domain]\[username]%[password] [ip]

$ rpcclient [[-U|--user]] [username] [[-W|--workgroup]] [domain] [[-N|--no-pass]] [ip]

$ rpcclient [[-U|--user]] [domain]\[username] --pw-nt-hash [ip]

$ rpcclient [[-U|--user]] [domain]\[username]%[password] [[-c|--command]] [semicolon_separated_commands] [ip]

$ rpcclient $> enumdomusers

$ rpcclient $> enumprivs

$ rpcclient $> queryuser [username|rid]

$ rpcclient $> createdomuser [username]

rpcclient [options] server

-A authfile
    Specifies the authentication file containing username and password.

-c command string
    Executes the specified command string.

-d debuglevel
    Sets the debug level (0-10).

-l logfile
    Specifies the log file.

-N
    Suppresses the password prompt.

-p port
    Specifies the port number.

-s smb.conf
    Specifies the location of the smb.conf file.

-U username[%password]
    Specifies the username and optional password.

-W workgroup
    Specifies the workgroup name.

-i
    Specifies the network interface.

-P
    Use plaintext authentication. Not recommended for security reasons.

rpcclient is a command-line utility in Linux used to execute commands on remote Windows systems via the Server Message Block (SMB) protocol. It acts as an SMB client, allowing you to connect to a Samba server or a Windows machine and perform administrative tasks like retrieving information about users, groups, services, and shares. It also can execute remote commands. rpcclient is often used for testing Samba configurations, troubleshooting SMB issues, and automating administrative tasks that would otherwise require using GUI tools on a Windows system.
Its functionality extends to tasks such as printing, managing sessions, and even running arbitrary commands on the target machine, provided the appropriate permissions are granted.
It's a valuable tool for system administrators managing mixed environments of Linux and Windows machines. It requires knowledge of the SMB protocol and Windows administration.

Using rpcclient requires appropriate permissions on the target system. Executing arbitrary commands can be a security risk if not properly controlled. The -P option should be avoided in production environments due to its security implications.

rpcclient -U "user%password" server: Authenticates to the server with the specified username and password.
rpcclient -c 'enumdomusers' server: Enumerates the users on the domain.
rpcclient -c 'shutdown' server: Shuts down the remote server (requires appropriate permissions).

rpcclient supports different authentication methods. It is possible to use username/password combination directly on the command line, or use an authentication file. Using plaintext authentication (-P) is discouraged.

rpcclient is part of the Samba suite, which originated in the early 1990s. Andrew Tridgell created Samba to allow Linux systems to integrate seamlessly with Windows networks using the SMB protocol.
Over the years, rpcclient has evolved alongside Samba to support new SMB versions and Windows features. It became an essential tool for system administrators managing mixed Linux/Windows environments and for testing Samba server configurations.

smbclient(1), nmblookup(1), net(8)