例如,我需要连接到一个密码为 的 rpcclient admin。基本上,我希望用一行连接到服务器,例如:
echo 'admin' | rpcclient -U '' x.x.x.x
当我执行上述操作时,我得到:
root@kali:/home# echo 'admin' | rpcclient -U '' x.x.x.x
Enter WORKGROUP\'s password:
root@kali:/home#
请注意,没有建立 rpcclient 连接,但如果我手动执行此操作,它就可以正常工作,如下所示:
root@kali:/home# rpcclient -U '' x.x.x.x
Enter WORKGROUP\'s password:
rpcclient $>
答案1
rpcclient [-A authfile] [-c <command string>] [-d debuglevel] [-l logdir] [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup] [-I destinationIP] {server}
您可以使用-A带有凭证文件的选项或完整-U选项
-A|--authentication-file=filename
-U|--user=username[%password] -W workgroup
凭证文件如下所示
用户名 = [值]
密码 = [值]
域 = [值]
rpcclient -A /path/to/cred.file xxx.xxx.xxx.xxx
rpcclient -U "login%password" -W "domainname" xxx.xxx.xxx.xxx
答案2
请注意,没有建立 rpcclient 连接,但如果我手动执行此操作,它就可以正常工作,如下所示:
这是设计使然。
来自手册:
-A | --authentication-file=filename
This option allows you to specify a file from which to read the username
and password used in the connection. The format of the file is
username = <value>
password = <value>
domain = <value>
Make certain that the permissions on the file restrict access
from unwanted users.