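# Show RPC info: list the RPC programs registered with rpcbind/portmapper.
# IP is a placeholder for the host being assessed.
rpcinfo -p IP
# Show the NFS exports the server offers and the clients allowed to mount them
# (this is the server's export list, not what is currently mounted).
# Defender note: exports open to "*" or to whole subnets are the finding here;
# restrict them to named hosts in /etc/exports and keep root_squash enabled.
showmount -e IP
# Mount NFS share locally.
# nolock disables NLM file locking for this mount. When the share is not
# trusted, adding ro,nosuid,nodev,noexec to -o limits what its contents can do
# on the local machine.
sudo mount -t nfs 172.19.19.51:/home /mnt -o nolock
# Enumerate domain with rpcclient after gaining credentials.
# Caveat: the user%password form leaves the password in shell history and in
# the process list; pass only "-U Administrator" to be prompted for it instead.
rpcclient -U Administrator%Ignite@123 192.168.1.172
# The remaining lines are typed at the rpcclient prompt, not in the shell.
# Domain summary (name, user and group counts).
querydominfo
# List domain users with their RIDs.
enumdomusers
# Server platform and OS version information.
srvinfo
# List domain groups with their RIDs.
enumdomgroups
# Details of one group by RID; 0x200 (512) is the well-known Domain Admins RID.
querygroup 0x200
# Details of one account; "blabla" is a placeholder for the user to look up.
queryuser blabla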