Java RMI
Java Remote Method Invocation

Enumerate

Check if class loader is enabled:
msf > use auxiliary/scanner/misc/java_rmi_server
msf > set RHOSTS file:java_rmi.txt
msf > set THREADS 25
msf > run
Dump registry with MSF:
msf > use auxiliary/gather/java_rmi_registry
msf > set RHOSTS file:java_rmi.txt
msf > run
Dump registry with Nmap:
$ sudo nmap -sV --script "rmi-dumpregistry or rmi-vuln-classloader" 192.168.1.11 -p1098

BaRMIe

$ java -jar BaRMIe.jar -enum 192.168.1.11 1098
$ java -jar BaRMIe.jar -attack 192.168.1.11 1098

remote-method-guesser

$ java -jar rmg-3.0.0-jar-with-dependencies.jar 192.168.1.11 1098 enum

rmiscout

Copy link
On this page
Enumerate
BaRMIe
remote-method-guesser
rmiscout