rpcclient $> queryuseraliases
Usage: queryuseraliases builtin|domain sid1 sid2 ...
result was NT_STATUS_INVALID_PARAMETER
rpcclient $> srvinfo
192.168.56.116 Wk Sv PDC Tim NT AD LAB
platform_id : 500
os version : 10.0
server type : 0x80102b
rpcclient $> querydominfo
Domain: CONTOSO
Server:
Comment:
Total Users: 124
Total Groups: 0
Total Aliases: 0
Sequence No: 1
Force Logoff: -1
Domain Server State: 0x1
Server Role: ROLE_DOMAIN_PDC
Unknown 3: 0x1
rpcclient $>
rpcclient $> queryuser srv_web
User Name : srv_web
Full Name : srv_web
Home Drive :
Dir Drive :
Profile Path:
Logon Script:
Description :
Workstations:
Comment :
Remote Dial :
Logon Time : Sun, 04 Dec 2022 17:15:55 EST
Logoff Time : Wed, 31 Dec 1969 19:00:00 EST
Kickoff Time : Wed, 13 Sep 30828 22:48:05 EDT
Password last set Time : Sun, 04 Dec 2022 16:44:19 EST
Password can change Time : Mon, 05 Dec 2022 16:44:19 EST
Password must change Time: Wed, 13 Sep 30828 22:48:05 EDT
unknown_2[0..31]...
user_rid : 0x450
group_rid: 0x201
acb_info : 0x00002210
fields_present: 0x00ffffff
logon_divs: 168
bad_password_count: 0x00000000
logon_count: 0x00000003
padding1[0..7]...
logon_hrs[0..21]...
rpcclient $>
rpcclient $> enumdomgroups
group:[Contrôleurs de domaine d’entreprise en lecture seule] rid:[0x1f2]
group:[Admins du domaine] rid:[0x200]
group:[Utilisateurs du domaine] rid:[0x201]
group:[Invités du domaine] rid:[0x202]
group:[Ordinateurs du domaine] rid:[0x203]
group:[Contrôleurs de domaine] rid:[0x204]
group:[Administrateurs du schéma] rid:[0x206]
group:[Administrateurs de l’entreprise] rid:[0x207]
group:[Propriétaires créateurs de la stratégie de groupe] rid:[0x208]
group:[Contrôleurs de domaine en lecture seule] rid:[0x209]
group:[Contrôleurs de domaine clonables] rid:[0x20a]
group:[Protected Users] rid:[0x20d]
group:[Administrateurs clés] rid:[0x20e]
group:[Administrateurs clés Enterprise] rid:[0x20f]
group:[DnsUpdateProxy] rid:[0x44e]
group:[service_web] rid:[0x452]
group:[Direction] rid:[0x48c]
group:[Sales] rid:[0x48d]
group:[Traders] rid:[0x48e]
group:[Secretary] rid:[0x48f]
group:[Accounting] rid:[0x490]
group:[Financial-Consultant] rid:[0x491]
group:[DirectionParis] rid:[0x492]
group:[SalesParis] rid:[0x493]
group:[TradersParis] rid:[0x494]
group:[SecretaryParis] rid:[0x495]
group:[AccountingParis] rid:[0x496]
group:[Financial-ConsultantParis] rid:[0x497]
group:[DirectionBerlin] rid:[0x498]
group:[SalesBerlin] rid:[0x499]
group:[TradersBerlin] rid:[0x49a]
group:[SecretaryBerlin] rid:[0x49b]
group:[AccountingBerlin] rid:[0x49c]
group:[Financial-ConsultantBerlin] rid:[0x49d]
group:[DirectionLondres] rid:[0x49e]
group:[SalesLondres] rid:[0x49f]
group:[TradersLondres] rid:[0x4a0]
group:[SecretaryLondres] rid:[0x4a1]
group:[AccountingLondres] rid:[0x4a2]
group:[Financial-ConsultantLondres] rid:[0x4a3]
group:[DirectionMadrid] rid:[0x4a4]
group:[SalesMadrid] rid:[0x4a5]
group:[TradersMadrid] rid:[0x4a6]
group:[SecretaryMadrid] rid:[0x4a7]
group:[AccountingMadrid] rid:[0x4a8]
group:[Financial-ConsultantMadrid] rid:[0x4a9]
group:[DirectionAmsterdam] rid:[0x4aa]
group:[SalesAmsterdam] rid:[0x4ab]
group:[TradersAmsterdam] rid:[0x4ac]
group:[SecretaryAmsterdam] rid:[0x4ad]
group:[AccountingAmsterdam] rid:[0x4ae]
group:[Financial-ConsultantAmsterdam] rid:[0x4af]
group:[DirectionNew_york] rid:[0x4b0]
group:[SalesNew_york] rid:[0x4b1]
group:[TradersNew_york] rid:[0x4b2]
group:[SecretaryNew_york] rid:[0x4b3]
group:[AccountingNew_york] rid:[0x4b4]
group:[Financial-ConsultantNew_york] rid:[0x4b5]
group:[DirectionPekin] rid:[0x4b6]
group:[SalesPekin] rid:[0x4b7]
group:[TradersPekin] rid:[0x4b8]
group:[SecretaryPekin] rid:[0x4b9]
group:[AccountingPekin] rid:[0x4ba]
group:[Financial-ConsultantPekin] rid:[0x4bb]
group:[DirectionMoscou] rid:[0x4bc]
group:[SalesMoscou] rid:[0x4bd]
group:[TradersMoscou] rid:[0x4be]
group:[SecretaryMoscou] rid:[0x4bf]
group:[AccountingMoscou] rid:[0x4c0]
group:[Financial-ConsultantMoscou] rid:[0x4c1]
┌──(kali㉿kali)-[~]
└─$ rpcclient -U user8 192.168.56.116
Password for [WORKGROUP\user8]:
rpcclient $> enumprivs
found 35 privileges
SeCreateTokenPrivilege 0:2 (0x0:0x2)
SeAssignPrimaryTokenPrivilege 0:3 (0x0:0x3)
SeLockMemoryPrivilege 0:4 (0x0:0x4)
SeIncreaseQuotaPrivilege 0:5 (0x0:0x5)
SeMachineAccountPrivilege 0:6 (0x0:0x6)
SeTcbPrivilege 0:7 (0x0:0x7)
SeSecurityPrivilege 0:8 (0x0:0x8)
SeTakeOwnershipPrivilege 0:9 (0x0:0x9)
SeLoadDriverPrivilege 0:10 (0x0:0xa)
SeSystemProfilePrivilege 0:11 (0x0:0xb)
SeSystemtimePrivilege 0:12 (0x0:0xc)
SeProfileSingleProcessPrivilege 0:13 (0x0:0xd)
SeIncreaseBasePriorityPrivilege 0:14 (0x0:0xe)
SeCreatePagefilePrivilege 0:15 (0x0:0xf)
SeCreatePermanentPrivilege 0:16 (0x0:0x10)
SeBackupPrivilege 0:17 (0x0:0x11)
SeRestorePrivilege 0:18 (0x0:0x12)
SeShutdownPrivilege 0:19 (0x0:0x13)
SeDebugPrivilege 0:20 (0x0:0x14)
SeAuditPrivilege 0:21 (0x0:0x15)
SeSystemEnvironmentPrivilege 0:22 (0x0:0x16)
SeChangeNotifyPrivilege 0:23 (0x0:0x17)
SeRemoteShutdownPrivilege 0:24 (0x0:0x18)
SeUndockPrivilege 0:25 (0x0:0x19)
SeSyncAgentPrivilege 0:26 (0x0:0x1a)
SeEnableDelegationPrivilege 0:27 (0x0:0x1b)
SeManageVolumePrivilege 0:28 (0x0:0x1c)
SeImpersonatePrivilege 0:29 (0x0:0x1d)
SeCreateGlobalPrivilege 0:30 (0x0:0x1e)
SeTrustedCredManAccessPrivilege 0:31 (0x0:0x1f)
SeRelabelPrivilege 0:32 (0x0:0x20)
SeIncreaseWorkingSetPrivilege 0:33 (0x0:0x21)
SeTimeZonePrivilege 0:34 (0x0:0x22)
SeCreateSymbolicLinkPrivilege 0:35 (0x0:0x23)
SeDelegateSessionUserImpersonatePrivilege 0:36 (0x0:0x24)
enumpriv