RPC Endpoints

Three methods to interact with RPC:

Local RPC Calls: ncalrpc:[LRPC-b1a0ed...] TCP/IP: ncan_iptcp:[port] Named Pipe: ncacn_np:\\WORKSTATION[\PIPE\Name]

Enumeration

NtObjectManager:

    get-rpcendpoint //find all registered endpoints
    get-rpcendpoint -ProcessId 504 //find registered endpoint for PID
    get-rpcendpoint -InterfaceId "a1234-b23c4d..." -FindAlpcPort //bruteforce the AlpcPort

PreviousRPC EnumerationNextServer Interaction

Last updated

Was this helpful?