Java RMI

Java Remote Method Invocation

Enumerate

Check if class loader is enabled:

msf > use auxiliary/scanner/misc/java_rmi_server
msf > set RHOSTS file:java_rmi.txt
msf > set THREADS 25
msf > run

Dump registry with MSF:

msf > use auxiliary/gather/java_rmi_registry
msf > set RHOSTS file:java_rmi.txt
msf > run

Dump registry with Nmap:

$ sudo nmap -sV --script "rmi-dumpregistry or rmi-vuln-classloader" 192.168.1.11 -p1098

$ java -jar BaRMIe.jar -enum 192.168.1.11 1098
$ java -jar BaRMIe.jar -attack 192.168.1.11 1098

$ java -jar rmg-3.0.0-jar-with-dependencies.jar 192.168.1.11 1098 enum

Last updated 2 years ago