Rexec - Port 512
Rexec is a service that allows you to execute a command on a remote host if you know valid credentials (username and password).
Default Port: 512
Start by using Nmap to scan for hosts with port 512 open, which is the default port for Rexec:
This will help identify potential targets with the Rexec service running.
Use Metasploit's auxiliary/scanner/rservices/rexec_login module to brute-force username and password combinations:
Load the module:
Set the target and options, such as username and password files:
This will attempt to find valid credentials, exploiting Rexec's clear-text password vulnerability.
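From the defender's side, the clear-text exchange makes this kind of password guessing easy to spot in captured port 512 traffic. The following is an added example, not part of the original page: it parses the opening bytes of a rexec session (stderr port, username, password and command, each NUL-terminated, as documented in rexecd(8)) and flags sources with repeated failed logins. The function names, the threshold and the sample sessions are constructed for illustration.

```python
from collections import defaultdict

def parse_rexec_request(data):
    """Parse the client's opening bytes: stderr-port, user, password, command,
    each NUL-terminated and sent unencrypted (rexecd(8) wire format)."""
    parts = data.split(b"\x00", 4)
    if len(parts) < 5 or (parts[0] and not parts[0].isdigit()):
        return None  # truncated capture or not a rexec request
    return {
        "stderr_port": int(parts[0] or b"0"),
        "user": parts[1].decode("latin-1"),
        "password_exposed": len(parts[2]) > 0,  # record exposure, never the secret
        "command": parts[3].decode("latin-1"),
    }

def login_ok(reply):
    """rexecd replies with one byte: 0x00 on success, 0x01 plus a message on failure."""
    return reply[:1] == b"\x00"

def find_bruteforce(sessions, threshold=3):
    """Return {source: usernames tried} for sources with >= threshold failed logins."""
    failures = defaultdict(list)
    for src, request, reply in sessions:
        parsed = parse_rexec_request(request)
        if parsed and not login_ok(reply):
            failures[src].append(parsed["user"])
    return {s: sorted(set(u)) for s, u in failures.items() if len(u) >= threshold}

# Constructed sample sessions: (source IP, client bytes, server reply bytes).
SAMPLE = [
    ("192.0.2.10", b"0\x00root\x00pw1\x00id\x00", b"\x01Login incorrect.\n"),
    ("192.0.2.10", b"0\x00root\x00pw2\x00id\x00", b"\x01Login incorrect.\n"),
    ("192.0.2.10", b"0\x00admin\x00pw3\x00id\x00", b"\x01Login incorrect.\n"),
    ("198.51.100.7", b"0\x00backup\x00pw4\x00uptime\x00", b"\x00 10:02 up 3 days\n"),
]

if __name__ == "__main__":
    for source, users in find_bruteforce(SAMPLE).items():
        print(f"possible rexec brute force from {source}: users tried {users}")
```

Any hit here also means real passwords crossed the network in the clear, so the affected accounts need new credentials and the service should be replaced with SSH.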
Once credentials are obtained, use the rexec command to execute a backdoor command. For example, start a netcat listener:
Then, connect to the backdoor:
Alternatively, set up a reverse shell: