Port: TCP 512,513,514
Service: “R” Services
Vulnerability: These TCP ports carry the “R” services, such as rlogin, and they are configured to allow remote access from any host. There are several security issues with rlogin; one is that the data is sent unencrypted, which means that, just as with telnet, an attacker could sniff the traffic and gain access to login information.
Mitigation: Disable rlogin and switch to SSH instead.
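As an added example (not code from the original write-up), the following POSIX shell audit checks a host for the misconfiguration described above: r-services enabled in inetd.conf, anything listening on TCP 512-514, and hosts.equiv or .rhosts files that trust every host through a bare “+”. The file paths, the dependency on iproute2's ss(8) and the function names are assumptions.

```shell
#!/bin/sh
# Audit a host for the legacy "r" services (rlogin/rsh/rexec, TCP 512-514)
# and for the "trust any host" configuration described above.
# Added example, not the original write-up's code. Paths are the
# conventional inetd/rhosts locations and are assumptions for this host.

# inetd_rservices FILE: succeeds (exit 0) if an inetd.conf-style FILE has an
# uncommented login/shell/exec entry, i.e. rlogind/rshd/rexecd are enabled.
inetd_rservices() {
    [ -r "$1" ] || return 1
    awk '!/^[[:space:]]*#/ && ($1 == "login" || $1 == "shell" || $1 == "exec") {f=1}
         END {exit !f}' "$1"
}

# rhosts_wildcard FILE: succeeds if hosts.equiv or a .rhosts FILE contains a
# bare "+" in the host or user field, which trusts every remote host/user.
rhosts_wildcard() {
    [ -r "$1" ] || return 1
    awk '!/^[[:space:]]*#/ && ($1 == "+" || $2 == "+") {f=1} END {exit !f}' "$1"
}

# rservices_listening: succeeds if anything listens on TCP 512, 513 or 514.
# Assumes iproute2's ss(8); the local address is column 4 of "ss -ltn".
rservices_listening() {
    ss -ltn 2>/dev/null | awk '$4 ~ /:(512|513|514)$/ {f=1} END {exit !f}'
}

# audit_host: print one WARN line per finding; returns 1 if anything was found.
# Remediation per the write-up: disable the services (comment out the inetd
# entries or remove the rsh-server package) and use SSH instead.
audit_host() {
    rc=0
    rservices_listening && { echo "WARN: r-service listening on TCP 512-514"; rc=1; }
    inetd_rservices /etc/inetd.conf && { echo "WARN: r-service enabled in /etc/inetd.conf"; rc=1; }
    for f in /etc/hosts.equiv /root/.rhosts /home/*/.rhosts; do
        rhosts_wildcard "$f" && { echo "WARN: '+' wildcard trust in $f"; rc=1; }
    done
    return $rc
}

# Run the audit only when invoked as: sh rservices_audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

A non-zero exit from audit_host is the signal to act on; a `+ +` line in hosts.equiv is exactly the “any host, any user” trust the write-up describes.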
Proof of Concept
This attack is about as simple as it gets. From the attacking machine, open a terminal and type the following:
- rlogin -l root ip-of-metasploitable
*NOTE* – if the above command returns an error about a “public key”, the rsh-client package is not installed on your machine and rlogin is falling back to SSH. Install rsh-client with apt-get, then try the above “attack” again.