Skip to main content


Default Port: 111

rpcbind is used by RPC (Remote Procedure Call) services. An RPC service is a server-based service that fulfills remote procedure calls. rpcbind is used to determine which services can respond to incoming requests to perform the specified service.


Confirming that the rpcbind service runs on a target machine is usually the first step.

nc -z -v -u <target-ip> 111


When connected to a machine rpcbind, you can use the rpcinfo tool to learn the details of rpcbind service.

rpcinfo -p <target-ip>


You can run the rpcenum script to determine the rpc service on the target and collect information. You can use the -v flag for more details.

rpcenum -v <target-ip>

Attack Vectors

There are various rpcbind modules in Metasploit. For example, you can use the following Metasploit commands for the rpcbind_cgi_mainenv vulnerability

use auxiliary/gather/rpcbind_cgi_mainenv
set RHOST <target-ip>


RPC Dictionary Attack

If you successfully exploited vulnerabilities and obtained a username and password, you can create an RPC bridge as follows using rpcclient

rpcclient -U "username%password" <target-ip>

Service Abuse

If a certain RPC service created a vulnerability on the target machine, you can abuse this service to influence behaviors on the target system or hinder its proper operation. For example, you can stop the following RPC service:

rpcclient -U "username%password" <target-ip> -c 'stop service_name'