NSE:rpcinfo
rpcinfo is a very useful recon NSE script. Below you will see a snip from
# nmap --script-help rpcinfo
For more information on portmapper, see reference [1].
Think about rpcinfo as a road map. I am driving my car and I want information about an area I have never been to. I open up Google and type in the address. I am shown a map, so now I understand how to get there. In addition to directions, it also shows me that my destination has three entrances once I arrive: one on the north side and two on the west. The north entrance is gated and has a security guard. On the west side is a staff entrance, and it is not manned. I just want to drop something off here and I want to do it quick. I skip the guard entrance and go to the west side. I get out of my car, bring the package to the back door and give it to the person who replied to my shady craigslist ad. ;)
Maybe the analogy is too long, but just translate this to a server. With rpcinfo you get a literal mapping of ports to the RPC programs/services that are using them. When we learn which particular services are running, we are better able to gain a foothold during a pentest because we can tailor our exploit to them.
Follow the instructions below
Reference: