Port 111/135 – RPC/MSRPC

How to enumerate port 111/135 (RPC/MSRPC)


Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located on another machine on a network without having to understand the network's details. A procedure call is also sometimes known as a function call or a subroutine call.

Nmap scripts:

# run all NFS scripts (quote the glob so the shell does not expand it)
nmap -sV --script="nfs-*" <target>


The rpcbind utility is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine.

rpcbind -p


Probe rpcbind on host using version 2 of the rpcbind protocol, and display a list of all registered RPC programs. If host is not specified, it defaults to the local host. Note that version 2 of the rpcbind protocol was previously known as the portmapper protocol.

rpcinfo -p <target>
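
What the version 2 (portmapper) DUMP exchange described above looks like on the wire, as an added example that is not part of the original page: it builds the call, parses a record-marked TCP reply, and picks out the NFS-related registrations. The function names and the sample reply are constructed for illustration; the reply is not captured traffic.

```python
import struct

# Well-known ONC RPC program numbers that indicate an NFS server.
NFS_PROGRAMS = {100003: "nfs", 100005: "mountd", 100021: "nlockmgr"}
PROTOCOLS = {6: "tcp", 17: "udp"}
LAST_FRAGMENT = 0x80000000  # TCP record mark: top bit set, low 31 bits = length

def build_dump_call(xid):
    """CALL to program 100000 (portmapper), version 2, procedure 4 (DUMP)."""
    # xid, CALL=0, RPC version 2, prog, vers, proc, empty AUTH_NONE cred and verifier
    body = struct.pack(">10I", xid, 0, 2, 100000, 2, 4, 0, 0, 0, 0)
    return struct.pack(">I", LAST_FRAGMENT | len(body)) + body

def parse_dump_reply(record, xid):
    """Return [(program, version, protocol, port)] from a single-fragment reply."""
    try:
        (mark,) = struct.unpack_from(">I", record, 0)
        msg = record[4:4 + (mark & 0x7FFFFFFF)]
        if not mark & LAST_FRAGMENT or len(msg) != mark & 0x7FFFFFFF:
            raise ValueError("fragmented or truncated record")
        rxid, mtype, rstat, _flavor, vlen = struct.unpack_from(">5I", msg, 0)
        off = 20 + ((vlen + 3) & ~3)  # skip the XDR-padded verifier body
        (astat,) = struct.unpack_from(">I", msg, off)
        if (rxid, mtype, rstat, astat) != (xid, 1, 0, 0):
            raise ValueError("not an accepted, successful reply to this call")
        off, entries = off + 4, []
        while struct.unpack_from(">I", msg, off)[0]:  # value_follows flag
            prog, vers, prot, port = struct.unpack_from(">4I", msg, off + 4)
            entries.append((prog, vers, PROTOCOLS.get(prot, str(prot)), port))
            off += 20
        return entries
    except struct.error as exc:
        raise ValueError("reply too short") from exc

def nfs_exposure(entries):
    """Keep only the registrations that belong to an NFS service."""
    return [(NFS_PROGRAMS[p], v, proto, port)
            for p, v, proto, port in entries if p in NFS_PROGRAMS]

def sample_reply(xid):
    """Constructed reply (not captured traffic): portmapper, nfs, mountd."""
    rows = [(100000, 2, 6, 111), (100003, 3, 6, 2049), (100005, 3, 17, 20048)]
    body = struct.pack(">6I", xid, 1, 0, 0, 0, 0)  # accepted, AUTH_NONE, SUCCESS
    body += b"".join(struct.pack(">5I", 1, *r) for r in rows) + struct.pack(">I", 0)
    return struct.pack(">I", LAST_FRAGMENT | len(body)) + body

if __name__ == "__main__":
    for row in nfs_exposure(parse_dump_reply(sample_reply(7), 7)):
        print("%s v%d %s/%d" % row)
```

Any entry returned by nfs_exposure means the host advertises NFS through rpcbind, which is the cue to review its exports and to restrict access to port 111 to the clients that need it.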


rpcclient is a utility initially developed to test MS-RPC functionality in Samba itself. It has undergone several stages of development and stability. Many system administrators have now written scripts around it to manage Windows NT clients from their UNIX workstation.

rpcclient -I <target-ip> <server>

Enumerate NFS Shares:

showmount -e <target>

Mount NFS Share:

mount -t nfs -o nolock <target>:<export-path> /tmp/mnt

