mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-30 16:39:32 +00:00
57 lines
3.3 KiB
Markdown
57 lines
3.3 KiB
Markdown
# 514 - Pentesting Rsh
|
|
|
|
{% hint style="success" %}
|
|
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
|
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Support HackTricks</summary>
|
|
|
|
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|
|
{% endhint %}
|
|
|
|
<figure><img src="/.gitbook/assets/image (2).png" alt=""><figcaption></figcaption></figure>
|
|
|
|
Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified:
|
|
|
|
{% embed url="https://academy.8ksec.io/" %}
|
|
|
|
## Podstawowe informacje
|
|
|
|
Do uwierzytelniania wykorzystywane były pliki **.rhosts** wraz z **/etc/hosts.equiv** przez **Rsh**. Uwierzytelnianie zależało od adresów IP i systemu nazw domen (DNS). Łatwość fałszowania adresów IP, szczególnie w sieci lokalnej, stanowiła istotną lukę.
|
|
|
|
Ponadto, powszechnie zdarzało się, że pliki **.rhosts** były umieszczane w katalogach domowych użytkowników, które często znajdowały się na wolumenach Network File System (NFS).
|
|
|
|
**Domyślny port**: 514
|
|
|
|
## Logowanie
|
|
```
|
|
rsh <IP> <Command>
|
|
rsh <IP> -l domain\user <Command>
|
|
rsh domain/user@<IP> <Command>
|
|
rsh domain\\user@<IP> <Command>
|
|
```
|
|
### [**Brute Force**](../generic-methodologies-and-resources/brute-force.md#rsh)
|
|
|
|
## References
|
|
* [https://www.ssh.com/ssh/rsh](https://www.ssh.com/ssh/rsh)
|
|
|
|
{% hint style="success" %}
|
|
Ucz się i ćwicz Hacking AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
|
Ucz się i ćwicz Hacking GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Wsparcie dla HackTricks</summary>
|
|
|
|
* Sprawdź [**plany subskrypcyjne**](https://github.com/sponsors/carlospolop)!
|
|
* **Dołącz do** 💬 [**grupy Discord**](https://discord.gg/hRep4RUj7f) lub [**grupy telegramowej**](https://t.me/peass) lub **śledź** nas na **Twitterze** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Dziel się trikami hackingowymi, przesyłając PR-y do** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repozytoriów github.
|
|
|
|
</details>
|
|
{% endhint %}
|