Port 1098/1099 - Pentesting Java RMI

Enumeration

msf> use auxiliary/scanner/misc/java_rmi_server
msf> use auxiliary/gather/java_rmi_registry
nmap -sV --script "rmi-dumpregistry or rmi-vuln-classloader" -p <PORT> <IP>

Remote Method Guesser

# remote-method-guesser
# https://github.com/qtc-de/remote-method-guesser

java -jar rmg-3.0.0-jar-with-dependencies.jar 192.168.1.11 1098 enum

Exploitation

Use https://github.com/BishopFox/rmiscout to explore the service and try to find RCE vulnerabilities.

Use https://github.com/NickstaDB/BaRMIe to enumerate and attack:

$ java -jar BaRMIe.jar -enum 192.168.1.11 1098
$ java -jar BaRMIe.jar -attack 192.168.1.11 1098

https://github.com/siberas/sjet allows easy exploitation of insecurely configured JMX services (I tried it and it gave me "Error: Can't connect to remote service"; let me know if you know how to fix this issue).
