Skip to content

Epm.md

Latest commit

 

History

History
171 lines (134 loc) · 5.62 KB

Epm.md

File metadata and controls

171 lines (134 loc) · 5.62 KB

Epm

Commands for interacting with the RPC endpoint mapper

Synopsis

Epm <subcommand>

Subcommands

Command Description
lsep Lists the dynamic RPC endpoints registered with the endpoint mapper

For help on a subcommand, use Epm <subcommand> -h

Epm lsep

Lists the dynamic RPC endpoints registered with the endpoint mapper

Synopsis

Epm lsep [options] <ServerName>

Parameters

Name Aliases Value Description
<ServerName> <String> RPC server to interact with

Options

Name Aliases Value Description
-ObjectId <Guid> Filter for object ID
-I, -InterfaceId <Guid> Filter for interface ID
-UpToVersion <RpcVersion> Filter for max. version
-ExactVersion <RpcVersion> Filter for exact version
-CompatVersion <RpcVersion> Filter for compatible version
-M, -MajorVersion <UInt16> Filter for major version
-PageSize <Int32> Number of results to fetch at a time
-ConsoleOutputStyle -OutputStyle <OutputStyle> Determines the output style
Possible values:
Freeform
Raw
Table
List
Csv
Tsv
Json
-OutputFields <String[]> Fields to display in output
Possible values:
ObjectGuid
annotation
Tower
-OutputHeaders <SwitchParam> Print headers for table/list/CSV/TSV styles
Default: True
-Spnego <SwitchParam> Uses SP-NEGO for authentication
-AuthEpm <SwitchParam> Authenticates EP mapper requests
-EncryptEpm <SwitchParam> Encrypts EP mappend requests
-EncryptRpc <SwitchParam> Encrypts RPC messages
-PreferSmb <SwitchParam> If the interface supports named pipes, attempt to connect over the named pipe instead of TCP
-SpnOverride <SpnMapping[]> Specifies an SPN override
-AuthProxy <EndPoint> Endpoint of auth proxy
-Socks5 <host-or-ip:port> End point of SOCKS 5 server to use

Output

Name Aliases Value Description
-LogLevel <LogMessageSeverity> Sets the lowest level of messages to log
Possible values:
Debug
Diagnostic
Verbose
Info
Warning
Error
Critical
-ConsoleLogFormat -LogFormat <LogFormat> Sets the format of log messages written to the console
Default: 0
Possible values:
Text
TextWithTimestamp
Json
-Verbose -V <SwitchParam> Prints verbose messages
-Diagnostic -vv <SwitchParam> Prints diagnostic messages
-HumanReadable <SwitchParam> Formats file sizes as human-readable values

Authentication

Name Aliases Value Description
-Anonymous <SwitchParam> Uses anonymous login
-UserName -u <UserPrincipalName> User name to authenticate with, not including the domain
-UserDomain -ud <String> Domain of user to authenticate with
-Password -p <String> Password to authenticate with
-NtlmHash <hexadecimal hash> NTLM hash for NTLM authentication

Authentication (Kerberos)

Name Aliases Value Description
-AesKey <HexString> AES key (128 or 256)
-DesKey <HexString> DES key
-Tgt <String> Name of file containing a ticket-granting ticket (.kirbi or ccache)
-Tickets <String[]> Name of file containing service tickets (.kirbi or ccache)
-TicketCache <String> Name of ticket cache file
-K, -Kdc <host-or-ip:port> KDC endpoint
-S4UserName <UserPrincipalName> Name of user to impersonate with S4U
-U2UserName <UserPrincipalName> User name to request TGT for U2U
-S4UserCert <String> Name of file containing a certificate of a user to impersonate with S4U
-S4ProxyService <SecurityPrincipalName> Name of service to proxy through
-UserCert <String> Name of file containing user's certificate (for PKINIT)
-UserKey <String> Name of file containing user's key (for PKINIT)
-UserKeyPassword <String> Password to decrypt file containing user's key (for PKINIT)

Authentication (NTLM)

Name Aliases Value Description
-Workstation -w <String> Name of workstation to send with NTLM authentication
-NtlmVersion <Version> NTLM version number (a.b.c.d)

Connection

Name Aliases Value Description
-HostAddress -ha <String[]> Network address(es) of the server
-UseTcp6Only -6 <SwitchParam> Only use TCP over IPv6 endpoint
-UseTcp4Only -4 <SwitchParam> Only use TCP over IPv4 endpoint
-Dialects <Smb2Dialect[]> List of SMB2 dialects to negotiate
Possible values:
Smb2_0_2
Smb2_1
Smb3_0
Smb3_0_2
Smb3_1_1
-RequireSigning -signreq <SwitchParam> Requires packets to be signed
-RequireSecureNegotiate <SwitchParam> Requires the client to authenticate the negotiation
-EncryptSmb <SwitchParam> Requires an encrypted connection

Client Behavior

Name Aliases Value Description
-F, -FollowDfs <SwitchParam> Checks for and follows DFS referrals (default=true)
-DfsReferralBufferSize <Int32> Specifies the size for the DFS referral buffer (default=4096)

Details

Queries to the endpoint mapper are usually unauthenticated. This is different from anonymous authentication in that no security context is established.

Examples

Example 1 - List all endpoints

Epm lsep LUMON-DC1