Rexec - Port 512
Rexec (rexecd, the BSD "exec" r-service) lets a client run a command on a remote host after supplying a valid username and password. The credentials, the command and its output all travel unencrypted over the TCP connection.
Basic Info
Default Port: 512
PORT    STATE SERVICE
512/tcp open  exec
Scanning for Hosts
Start by using Nmap to scan for hosts with TCP port 512 open, which is the default port for Rexec:
This identifies candidate targets. Nmap labels port 512 "exec" purely from its services table, so add service detection (-sV) to confirm that an actual rexecd is answering rather than some other process bound to the same port.
Brute-Forcing Credentials
Use Metasploit's auxiliary/scanner/rservices/rexec_login module to brute-force username and password combinations:
Load the module:
Set the target and options, such as username and password files:
The module tries each username/password combination against the service and reports any pair that authenticates. Note that guessing is noisy; because rexec sends the password in clear text, a valid pair can also be recovered passively from a capture of port 512 traffic, with no brute forcing at all.
Exploiting with Command Execution
Once credentials are obtained, use the rexec command to execute a backdoor command. For example, start a netcat listener:
Then, connect to the backdoor:
Alternatively, set up a reverse shell:
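The wire exchange behind the steps above, as an added example that is not code from the original page or from any tool it names: a Python encoder and decoder for the rexec request and reply, a small client built on them, and a stand-in server on the loopback interface so the whole thing runs offline. It makes the clear-text point concrete, since the parser the client needs is the same one that harvests passwords from a capture of port 512 traffic. The captured request, the credentials alice/Winter2024! and the stand-in server's canned output are constructed for illustration.

```python
"""rexec (TCP/512) wire format, client and stand-in server (added example).

Request: four NUL-terminated ASCII fields, sent in the clear:
    <stderr port>\0<user>\0<password>\0<command>\0
Reply:   0x00 then the command's output (authenticated), or
         0x01 then a diagnostic line (rejected).
"""
import socket
import threading

MAX_FIELD = 16  # rexecd caps the user and password fields at 16 characters


def build_rexec_request(user, password, command, stderr_port=0):
    """Encode a request as the BSD rexec client sends it.

    stderr_port=0 tells the server not to open a second connection back to
    the client for stderr, so the whole exchange stays on one TCP stream.
    """
    for name, value in (("user", user), ("password", password)):
        if len(value) > MAX_FIELD:
            raise ValueError(f"{name} exceeds {MAX_FIELD} characters")
    for value in (user, password, command):
        if "\0" in value:
            raise ValueError("fields are NUL-terminated and cannot contain NUL")
    fields = (str(stderr_port), user, password, command)
    return b"".join(f.encode() + b"\0" for f in fields)


def parse_rexec_request(payload):
    """Recover the fields from a client->server payload.

    The same bytes are visible to anyone on the path, so this parser also
    harvests credentials from a capture of port-512 traffic. Bytes after the
    fourth NUL are data the client is feeding to the command's stdin.
    """
    parts = payload.split(b"\0", 4)
    if len(parts) < 5:
        raise ValueError("truncated request: fewer than four NUL-terminated fields")
    port, user, password, command, stdin = parts
    return {"stderr_port": int(port.decode()), "user": user.decode(),
            "password": password.decode(), "command": command.decode(),
            "stdin": stdin}


def parse_rexec_response(data):
    """Split a server reply into (authenticated, body)."""
    if not data:
        raise ValueError("empty response")
    return data[0] == 0, data[1:]


def rexec(host, user, password, command, port=512, timeout=10.0):
    """Run `command` on `host` over rexec; returns (authenticated, output)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_rexec_request(user, password, command))
        s.shutdown(socket.SHUT_WR)  # EOF on the remote command's stdin
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return parse_rexec_response(b"".join(chunks))


def fake_rexecd(valid_users, output=b"uid=1000(alice)\n"):
    """Loopback stand-in for one connection: checks user->password against
    `valid_users` and answers with canned output instead of running anything.
    Returns the port it listens on (constructed for the offline demo)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        srv.close()
        with conn:
            buf = b""
            while buf.count(b"\0") < 4 and (chunk := conn.recv(4096)):
                buf += chunk
            req = parse_rexec_request(buf)
            if valid_users.get(req["user"]) == req["password"]:
                conn.sendall(b"\0" + output)
            else:
                conn.sendall(b"\x01Login incorrect.\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


# Constructed capture (example values only): what a sniffer sees on port 512.
CAPTURED_REQUEST = b"0\0alice\0Winter2024!\0id; uname -a\0"

if __name__ == "__main__":
    creds = parse_rexec_request(CAPTURED_REQUEST)
    print(f"harvested {creds['user']}:{creds['password']} for {creds['command']!r}")
    users = {"alice": "Winter2024!"}  # assumed credentials for the demo
    print(rexec("127.0.0.1", "alice", "Winter2024!", "id", port=fake_rexecd(users)))
    print(rexec("127.0.0.1", "alice", "wrong", "id", port=fake_rexecd(users)))
```

Pointing rexec() at a real rexecd instead of the stand-in only needs the host and the default port. Leave stderr_port at 0 unless you want the server to connect back to you on a second port for stderr, which needs a listener on your side and rarely works through NAT; the rexec client on the box behaves the same way when given no stderr port.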