Port 1098/1099 - Pentesting Java RMI
Enumeration
msf> use auxiliary/scanner/misc/java_rmi_server
msf> use auxiliary/gather/java_rmi_registry
nmap -sV --script "rmi-dumpregistry or rmi-vuln-classloader" -p <PORT> <IP>
Remote Method Guesser
# remote-method-guesser
# https://github.com/qtc-de/remote-method-guesser
java -jar rmg-3.0.0-jar-with-dependencies.jar 192.168.1.11 1098 enum
Exploitation
Use https://github.com/BishopFox/rmiscout to explore the service and try to find RCE vulnerabilities, and https://github.com/NickstaDB/BaRMIe to enumerate and attack it:
$ java -jar BaRMIe.jar -enum 192.168.1.11 1098
$ java -jar BaRMIe.jar -attack 192.168.1.11 1098
https://github.com/siberas/sjet allows easy exploitation of insecurely configured JMX services (I tried and it gave me "Error: Can't connect to remote service"; let me know if you know how to fix this issue).
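A defender-side check for the misconfiguration class mentioned above, as an added example that is not part of the original page: it reads JVM command lines and flags remote JMX with authentication or TLS disabled, plus RMI remote class loading (the condition the rmi-vuln-classloader script tests for). It assumes "insecurely configured" refers to these standard JVM system properties; the sample command lines and the finding names are constructed for illustration.

```python
import shlex

# Constructed sample JVM command lines (as they might appear in `ps` output).
SAMPLE_CMDLINES = [
    "java -Dcom.sun.management.jmxremote.port=1099 "
    "-Dcom.sun.management.jmxremote.authenticate=false "
    "-Dcom.sun.management.jmxremote.ssl=false -jar app.jar",
    "java -Dcom.sun.management.jmxremote.port=1099 "
    "-Dcom.sun.management.jmxremote.password.file=/etc/jmx/pw "
    "-Dcom.sun.management.jmxremote.registry.ssl=true -jar app.jar",
    "java -Djava.rmi.server.useCodebaseOnly=false -jar legacy.jar",
    "java -jar plain.jar",
]

JMX = "com.sun.management.jmxremote."  # prefix of the JMX agent properties


def system_properties(cmdline):
    """Collect the -Dkey=value system properties from one JVM command line."""
    props = {}
    for token in shlex.split(cmdline):
        if token.startswith("-D"):
            key, _, value = token[2:].partition("=")
            props[key] = value
    return props


def is_false(props, key, default):
    """True when the property, or its JVM default if unset, is 'false'."""
    return props.get(key, default).strip().lower() == "false"


def audit(cmdline):
    """Return finding names (hypothetical labels) for one JVM command line.

    Limitation: settings placed in a management.properties file are not seen.
    """
    props = system_properties(cmdline)
    findings = []
    if JMX + "port" in props:  # remote JMX connector is enabled
        if is_false(props, JMX + "authenticate", "true"):
            findings.append("jmx-no-auth")
        if is_false(props, JMX + "ssl", "true"):
            findings.append("jmx-no-tls")
        elif is_false(props, JMX + "registry.ssl", "false"):
            findings.append("jmx-registry-no-tls")
    # useCodebaseOnly=false lets the peer name a codebase URL for class loading
    if is_false(props, "java.rmi.server.useCodebaseOnly", "true"):
        findings.append("rmi-remote-codebase")
    return findings


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print(audit(line) or ["ok"], "<-", line)
```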