Rlogin - Port 513

Basic Info

In the past, rlogin was widely utilized for remote administration tasks. However, due to concerns regarding its security, it has largely been superseded by slogin and ssh. These newer methods provide enhanced security for remote connections.

Default port: 513

PORT    STATE SERVICE
513/tcp open  login

Rlogin, once used for remote Unix system access, is now considered insecure due to its lack of encryption and reliance on trust relationships. Pentesting it involves identifying vulnerabilities like password sniffing or misconfigured files, which can allow unauthorized access.

Enumeration

Check for Rlogin Service First, scan the target system to see if port 513 is open, as Rlogin typically uses this port.

nmap -sT -p 513 target_ip

Use netcat to grab the server banner:

nc target_ip 513

This can reveal the software version, which you can check for known vulnerabilities.

Brute force

Attempt Login with Common Credentials Try logging in with common usernames (e.g., root, admin) and passwords (e.g., 123456, password) using tools like Hydra:

hydra -l root -P /path/to/passwords.txt target_ip rlogin

Check for Trust Relationships Try logging in without a password for different usernames using the command:

# Install client
apt-get install rsh-client
rlogin target_ip -l username

Success without a password suggests a misconfigured .rhosts or /etc/hosts.equiv file, allowing trust-based access.

Find files

find / -name .rhosts