> For the complete documentation index, see [llms.txt](https://www.verylazytech.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.verylazytech.com/network-pentesting/rlogin-port-513.md).

# Rlogin - Port 513

{% tabs %}
{% tab title="Support VeryLazyTech 🎉" %}
Become VeryLazyTech [**member**](https://shop.verylazytech.com/l/Membership)**! 🎁**

* **Follow** us on:
  * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.**
  * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.**
  * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.**
  * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.**
  * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.**
  * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.**
* Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses. 📚
  {% endtab %}
  {% endtabs %}

## Basic Info <a href="#basic-information" id="basic-information"></a>

In the past, **rlogin** was widely utilized for remote administration tasks. However, due to concerns regarding its security, it has largely been superseded by **slogin** and **ssh**. These newer methods provide enhanced security for remote connections.

**Default port:** 513

```
PORT    STATE SERVICE
513/tcp open  login
```

Rlogin, once used for remote Unix system access, is now considered insecure due to its lack of encryption and reliance on trust relationships. Pentesting it involves identifying vulnerabilities like password sniffing or misconfigured files, which can allow unauthorized access.

***

## Enumeration

**Check for Rlogin Service**\
First, scan the target system to see if port 513 is open, as Rlogin typically uses this port.&#x20;

```
nmap -sT -p 513 target_ip
```

Use netcat to grab the server banner:

```
nc target_ip 513
```

This can reveal the software version, which you can check for known vulnerabilities.

## **Brute force**

**Attempt Login with Common Credentials**\
Try logging in with common usernames (e.g., root, admin) and passwords (e.g., 123456, password) using tools like Hydra:

```
hydra -l root -P /path/to/passwords.txt target_ip rlogin
```

**Check for Trust Relationships**\
Try logging in without a password for different usernames using the command:

```
# Install client
apt-get install rsh-client
rlogin target_ip -l username
```

Success without a password suggests a misconfigured .rhosts or /etc/hosts.equiv file, allowing trust-based access.

## Find files <a href="#find-files" id="find-files"></a>

```
find / -name .rhosts
```

***

{% hint style="success" %}
Learn & practice [**For the OSCP.**](https://shop.verylazytech.com/)

<details>

<summary>Support VeryLazyTech 🎉</summary>

Become VeryLazyTech [**member**](https://shop.verylazytech.com/l/Membership)**! 🎁**

* **Follow** us on:
  * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.**
  * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.**
  * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.**
  * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.**
  * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.**
  * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.**
* Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses. 📚

</details>
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://www.verylazytech.com/network-pentesting/rlogin-port-513.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.