# Rlogin - Port 513

{% tabs %}
{% tab title="Support VeryLazyTech 🎉" %}
Become VeryLazyTech [**member**](https://shop.verylazytech.com/l/Membership)**! 🎁**

* **Follow** us on:
  * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.**
  * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.**
  * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.**
  * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.**
  * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.**
  * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.**
* Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses. 📚
  {% endtab %}
  {% endtabs %}

## Basic Info <a href="#basic-information" id="basic-information"></a>

In the past, **rlogin** was widely utilized for remote administration tasks. However, due to concerns regarding its security, it has largely been superseded by **slogin** and **ssh**. These newer methods provide enhanced security for remote connections.

**Default port:** 513

```
PORT    STATE SERVICE
513/tcp open  login
```

Rlogin, once used for remote Unix system access, is now considered insecure due to its lack of encryption and reliance on trust relationships. Pentesting it involves identifying vulnerabilities like password sniffing or misconfigured files, which can allow unauthorized access.

***

## Enumeration

**Check for Rlogin Service**\
First, scan the target system to see if port 513 is open, as Rlogin typically uses this port.&#x20;

```
nmap -sT -p 513 target_ip
```

Use netcat to grab the server banner:

```
nc target_ip 513
```

This can reveal the software version, which you can check for known vulnerabilities.

## **Brute force**

**Attempt Login with Common Credentials**\
Try logging in with common usernames (e.g., root, admin) and passwords (e.g., 123456, password) using tools like Hydra:

```
hydra -l root -P /path/to/passwords.txt target_ip rlogin
```

**Check for Trust Relationships**\
Try logging in without a password for different usernames using the command:

```
# Install client
apt-get install rsh-client
rlogin target_ip -l username
```

Success without a password suggests a misconfigured .rhosts or /etc/hosts.equiv file, allowing trust-based access.

## Find files <a href="#find-files" id="find-files"></a>

```
find / -name .rhosts
```

***

{% hint style="success" %}
Learn & practice [**For the OSCP.**](https://shop.verylazytech.com/)

<details>

<summary>Support VeryLazyTech 🎉</summary>

Become VeryLazyTech [**member**](https://shop.verylazytech.com/l/Membership)**! 🎁**

* **Follow** us on:
  * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.**
  * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.**
  * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.**
  * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.**
  * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.**
  * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.**
* Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses. 📚

</details>
{% endhint %}