
R-Services (512, 513, 514)

Ports 512, 513, and 514 correspond to older, insecure remote services that were commonly used on UNIX-based systems for remote execution, login, and shell access. These services allow remote users to interact with a machine over the network, but they lack encryption and proper authentication mechanisms, making them vulnerable to various types of attacks, such as credential interception and unauthorized access. As a result, they have been largely deprecated in favor of more secure alternatives like SSH (Secure Shell).

Port 512: exec (Remote Execution)

Service Name: exec
Port Number: 512

  • Description: The exec service allows remote users to execute commands on a system. It was primarily used to run remote programs without establishing an interactive session. While useful in certain networked environments, it is extremely insecure because it does not require any form of authentication, and it transmits data in plaintext.

Security Concerns:

  • No encryption: Communication is unencrypted, making it vulnerable to interception.
  • Lack of authentication: Anyone can send commands to a remote system without verifying identity.
  • Historically used by tools like rexec (Remote Execution), which have been deprecated in favor of more secure alternatives like SSH.

Port 513: login (Remote Login)

Service Name: login
Port Number: 513

  • Description: The login service provides a mechanism for remote login to a system, typically using the rlogin command. This allows users to log into remote systems within the same network. However, it does not provide secure authentication or encryption of the data being transmitted.

Security Concerns:

  • No encryption: Credentials and data are transmitted in plaintext.
  • Weak authentication: The lack of strong authentication mechanisms makes it susceptible to attacks like man-in-the-middle (MITM) and credential theft.
  • Easily replaced by SSH (Secure Shell), which provides encrypted communication and stronger authentication.

Port 514: shell (Remote Shell)

Service Name: shell
Port Number: 514

  • Description: The shell service allows remote users to access the command-line interface (shell) of a system via the rsh (Remote Shell) command. Like exec and login, rsh transmits data without encryption, making it prone to eavesdropping.

Security Concerns:

  • No encryption: Data, including sensitive commands and credentials, is transmitted in cleartext.
  • Unauthenticated access: This service lacks secure authentication, which can lead to unauthorized users executing arbitrary commands.
  • rsh has been superseded by SSH, which provides encryption and secure access control.
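The three services above are normally started by inetd, so the quickest defensive check is to audit the inetd configuration and the host's listening TCP sockets for ports 512 to 514. The following is an added example (not part of the original notes) that does both over constructed sample input in the formats of /etc/inetd.conf and `ss -lnt`; it deliberately ignores UDP, because 514/udp is syslog rather than rsh.

```python
import re

# Service name -> TCP port, as registered in /etc/services
R_SERVICES = {"exec": 512, "login": 513, "shell": 514}

def audit_inetd(conf_text):
    """Return active inetd.conf entries that enable an r-service, so an admin
    knows exactly which lines to comment out (and replace with SSH)."""
    findings = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank, or already disabled
        fields = line.split()  # service socket proto flags user server [args]
        if len(fields) < 6:
            continue
        name, proto = fields[0], fields[2]
        if name in R_SERVICES and proto.startswith("tcp"):
            findings.append({"service": name, "port": R_SERVICES[name],
                             "server": " ".join(fields[5:])})
    return findings

def listening_rservices(ss_text):
    """Return ports 512-514 seen as TCP LISTEN sockets in `ss -lnt` output.
    TCP only: 514/udp is syslog, not rsh, and must not be flagged."""
    ports = set()
    for line in ss_text.splitlines():
        m = re.match(r"\s*LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s", line)
        if m and int(m.group(2)) in R_SERVICES.values():
            ports.add(int(m.group(2)))
    return sorted(ports)

# Constructed sample input (not captured from a real host)
SAMPLE_INETD = """\
shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
#exec   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rexecd
ssh     stream  tcp     nowait  root    /usr/sbin/sshd  -i
"""
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       10      0.0.0.0:514         0.0.0.0:*
LISTEN  0       10      [::]:513            [::]:*
"""
if __name__ == "__main__":
    for f in audit_inetd(SAMPLE_INETD):
        print(f"inetd enables {f['service']} ({f['port']}/tcp): {f['server']}")
    print("listening r-service ports:", listening_rservices(SAMPLE_SS))
```

On a real host, feed the script the contents of /etc/inetd.conf (or the xinetd/systemd socket units, which use a different format) and the output of `ss -lnt`; any finding is a service to disable in favour of SSH.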

Enumeration

Interact with RPC service

rpcclient -U username -p 445 target_ip

nmap - RPC enum

nmap -p 135 --script=rpcinfo target_ip

Impacket RPCDump

rpcdump.py username:password@target_ip

SMBClient
SMBClient interacts with SMB shares over RPC

smbclient -L //target_ip -U username

Pypykatz
Python tool to extract credentials from Windows systems, leveraging the MSRPC service to query for cached credentials and other sensitive information.

pypykatz dump --lsa target_ip

https://hacktricks.boitatech.com.br/pentesting/512-pentesting-rexec
https://hacktricks.boitatech.com.br/pentesting/pentesting-rlogin
https://hacktricks.boitatech.com.br/pentesting/pentesting-rsh
