rpcinfo is a very useful recon NSE script.  Below you will see a snip from 

#nmap rpcinfo --script-help

For more information on portmapper see references [1]

Think about rpcinfo as a road map.  I am driving my car and I want information about an area I have never been.  I open up Google and type in the address.  I am shown a map, so now I understand how to get there.  In addition to directions it also shows me that my destination has three entrances once I arrive.  One on the North side and two on the west.  North entrance is gated and has a security guard.  On the West side is a staff entrance, and is not manned.  I just want to drop something off here and I want to do it quick.  I skip the guard entrance and go to the west side.  I get out of my car and bring the package to the back door and give it to the person who replied to my shady craigslist add. ;)

Maybe the analogy is too long, but just translate this to a server.  With rpcinfo you can get a literal mapping of ports and programs/services that are being utilized.  when we learn particular services that are running we are better able to gain a foothold during a pentest because we can tailor our exploit better.

Follow the instructions below


[1] https://en.wikipedia.org/wiki/Portmap

[2] https://nmap.org/nsedoc/scripts/rpcinfo.html

Popular Posts