gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-30 22:50:27 -08:00
Code Issues Packages Projects Releases Wiki Activity

Normalize page header for GraphQL, Deserialization, SCM

Browse Source
This commit is contained in:
Swissky
2024-11-10 14:37:48 +01:00
parent 2deb20a6f1
commit 2304101657
21 changed files with 262 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
Java RMI/README.md
View File

@@ -2,16 +2,18 @@
> Java RMI (Remote Method Invocation) is a Java API that allows an object running in one JVM (Java Virtual Machine) to invoke methods on an object running in another JVM, even if they're on different physical machines. RMI provides a mechanism for Java-based distributed computing.
## Summary
* [Tools](#tools)
* [Detection](#detection)
* [Exploitation](#exploitation)
* [Methodology](#methodology)
* [RCE using beanshooter](#rce-using-beanshooter)
* [RCE using sjet/mjet](#rce-using-sjet-or-mjet)
* [RCE using Metasploit](#rce-using-metasploit)
* [References](#references)
## Tools
- [siberas/sjet](https://github.com/siberas/sjet)
@@ -19,6 +21,7 @@
- [qtc-de/remote-method-guesser](https://github.com/qtc-de/remote-method-guesser)
- [qtc-de/beanshooter](https://github.com/qtc-de/beanshooter) - JMX enumeration and attacking tool.
## Detection
* Using [nmap](https://nmap.org/):
@@ -35,7 +38,7 @@
| javax.management.remote.rmi.RMIServerImpl_Stub
```
* Using [remote-method-guesser](https://github.com/qtc-de/remote-method-guesser):
* Using [qtc-de/remote-method-guesser](https://github.com/qtc-de/remote-method-guesser):
```bash
$ rmg scan 172.17.0.2 --ports 0-65535
[+] Scanning 6225 Ports on 172.17.0.2 for RMI services.
@@ -60,7 +63,7 @@
[...]
```
* Using Metasploit
* Using [rapid7/metasploit-framework](https://github.com/rapid7/metasploit-framework)
```bash
use auxiliary/scanner/misc/java_rmi_server
set RHOSTS <IPs>
@@ -68,7 +71,7 @@
run
```
## Exploitation
## Methodology
If a Java Remote Method Invocation (RMI) service is poorly configured, it becomes vulnerable to various Remote Code Execution (RCE) methods. One method involves hosting an MLet file and directing the JMX service to load MBeans from a distant server, achievable using tools like mjet or sjet. The remote-method-guesser tool is newer and combines RMI service enumeration with an overview of recognized attack strategies.
@@ -134,6 +137,7 @@ set RPORT <PORT>
run
```
## References
- [Attacking RMI based JMX services - Hans-Martin Münch - April 28, 2019](https://mogwailabs.de/en/blog/2019/04/attacking-rmi-based-jmx-services/)