Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 20:53:37 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2021-06-10 22:00:59 +00:00 committed by gitbook-bot
parent 04bc79b7cb
commit 88834dcf66
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
pentesting/1099-pentesting-java-rmi.md
View file

@ -86,6 +86,7 @@ public class RmiClient {
## Enumeration
Based on the fact that arbitrary java is being treated in a different Java VM, this may allow an attacker to **deserialize** a **payload** in this Java instance and **execute arbitrary code**.
The default configuration of `rmiregistry`allows loading classes from remote URLs, which can lead to remote code execution.
**Basically this service could allow you to execute code.**