Hello, TürkHackTeam family, together we will see, "Target (1099) Infıltrate From the Port!" We will continue our series. Let's take a look at our topics and move on to our topic. We will continue our series. Let's look at our topics and move on.
Subject Headers
What is the Java RMI?
Target (1099) Infıltrate From the Port
What is the Java RMI?
You will see Java_RMI on the port. Let me talk a little about this. Java RMI enables the communication between different applications in Java. They do this over TCP / IP protocols. The 1099 port is the default port of RMI.
Since this process does not have any authentication, the attacker can directly infiltrate.
I have described it as descriptive and now let's reinforce it with the example.
Target (1099) Infıltrate From the Port
First we need to scan the ports of our destination. I will scan it automatically using the zenmap tool.
As you can see, port 1099 is on. Let's write msfconsole to the terminal and search for exploit.
Now, back to the first visual, what was the information we had? The first information is that the port is open and the second is java_rmi . Using this information, we will search for exploit in msfconsole . Type
into the console.
As you can see, we have 3 exploits. The important thing for us is that I marked it red. To use this, let's write
. After typing, we logged into exploite. Here, let's look at our settings first for this
Let's write. Then we have to fill in the RHOSTS section. To fill this out, let's write
and say exploit .
After typing Exploit , we have infiltrated the machine in 10-15 seconds.
You can see what's going on with the ls command, and then use the Linux command to extract the necessary data.
This is the end , friends, will be able to discuss in another article ...
Subject Headers
What is the Java RMI?
Target (1099) Infıltrate From the Port
What is the Java RMI?
You will see Java_RMI on the port. Let me talk a little about this. Java RMI enables the communication between different applications in Java. They do this over TCP / IP protocols. The 1099 port is the default port of RMI.
Since this process does not have any authentication, the attacker can directly infiltrate.
I have described it as descriptive and now let's reinforce it with the example.
Target (1099) Infıltrate From the Port
First we need to scan the ports of our destination. I will scan it automatically using the zenmap tool.
As you can see, port 1099 is on. Let's write msfconsole to the terminal and search for exploit.
Now, back to the first visual, what was the information we had? The first information is that the port is open and the second is java_rmi . Using this information, we will search for exploit in msfconsole . Type
Kod:
search java_rmiAs you can see, we have 3 exploits. The important thing for us is that I marked it red. To use this, let's write
Kod:
use exploit / multi / misc / java_rmi_server
Kod:
show options
Kod:
set RHOSTS Destination_IP_AddressAfter typing Exploit , we have infiltrated the machine in 10-15 seconds.
You can see what's going on with the ls command, and then use the Linux command to extract the necessary data.
This is the end , friends, will be able to discuss in another article ...
