RPC

Null connect

#rpcclient -N -U "" 10.10.10.10 //-N is --no-pass (no password prompt), -U "" is an empty username: the classic null session

#rpcclient 10.10.10.10 -U% //same thing: -U "user%pass" with both empty

#rpcclient -N -U "" <ip> //rpc connect to the IP with no username. Without -N you are asked for a password: just hit enter. If successful you get the rpcclient $> prompt (MSRPC over SMB, not a shell)

//next commands to run would be: help

>srvinfo //server info

>enum<TAB> //tab-completes the enum* commands (enumdomains, enumdomusers, enumdomgroups, enumalsgroups, enumprivs)

>enumdomusers //list user accounts on the machine as user:[name] rid:[0xhex] (quick, easy to read)

>getdompwinfo //password policy configured on the server: min length, history, complexity flags

>enumalsgroups builtin //local alias groups; needs an argument, builtin or domain

>lookupnames Administrator //resolve a name to its SID (RID 500 is the built-in Administrator, whatever it was renamed to)

>queryuser 500 //details for one user by RID (decimal): last logon, password last set, description, account flags

>enumprivs //list the privileges the server knows about
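The interactive steps above can be run in one shot with rpcclient's -c option (semicolon-separated commands) and the enumdomusers output parsed into decimal RIDs for queryuser. This is an added example, not part of the original notes: it assumes Samba's rpcclient is in PATH and the target allows a null session; the sample enumdomusers output in the block is constructed so the parsing can be tried offline.

```bash
#!/usr/bin/env bash
# Added example: scripted null-session enumeration with rpcclient.
# Assumes rpcclient (Samba) in PATH and a target that accepts -N -U "".

# Run semicolon-separated rpcclient commands in a single null session.
# usage: rpc_null <ip> "cmd1;cmd2;..."
rpc_null() {
  rpcclient -N -U "" "$1" -c "$2"
}

# Turn enumdomusers output lines such as
#   user:[Administrator] rid:[0x1f4]
# into "name decimal_rid" lines. Anything else on stdin is ignored.
parse_rids() {
  sed -n 's/^user:\[\([^]]*\)\] rid:\[\(0x[0-9a-fA-F]*\)\].*/\1 \2/p' |
  while read -r name hexrid; do
    printf '%s %d\n' "$name" "$(( hexrid ))"   # $(( 0x1f4 )) -> 500
  done
}

# Build the -c string that queries every user found: "queryuser 500;queryuser 501;..."
# stdin: "name rid" lines as produced by parse_rids.
queryuser_cmds() {
  awk '{ cmds = cmds (cmds ? ";" : "") "queryuser " $2 } END { printf "%s", cmds }'
}

# Full run against a live host: users, password policy, then per-user details.
# usage: enum_host <ip>
enum_host() {
  local ip=$1 rids cmds
  rids=$(rpc_null "$ip" "enumdomusers" | parse_rids) || return 1
  printf '%s\n' "$rids"
  rpc_null "$ip" "srvinfo;getdompwinfo;enumalsgroups builtin;enumprivs"
  cmds=$(printf '%s\n' "$rids" | queryuser_cmds)
  [ -n "$cmds" ] && rpc_null "$ip" "$cmds"
}

# Constructed sample of enumdomusers output, for trying the parsing offline.
SAMPLE_ENUMDOMUSERS='user:[Administrator] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[svc_backup] rid:[0x44f]'

# Offline demo when run directly: prints the parsed RIDs and the queryuser string.
if [ "${1:-}" = "demo" ]; then
  printf '%s\n' "$SAMPLE_ENUMDOMUSERS" | parse_rids
  printf '%s\n' "$SAMPLE_ENUMDOMUSERS" | parse_rids | queryuser_cmds; echo
fi
```

Run `./rpcenum.sh demo` to see the parsing on the constructed sample, or source the file and call `enum_host 10.10.10.10` against a real target. Querying by decimal RID is the portable choice: older Samba builds reject names in queryuser but all accept RIDs.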

-----------

#rpcinfo -p 10.10.10.117 //different protocol: queries the ONC/SunRPC portmapper (port 111) for services such as nfs/mountd, not the MSRPC over SMB used above
