6 comments on “Hack remote PC with Jenkins CLI RMI Java Deserialization exploit

  1. Hey there,

    I’m pretty new to deserialization exploits. I’m trying to use this on random sites but i get “exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (URL/IP goes here)”.

    Is this what happens when a site isn’t vulnerable? Or Am I doing something wrong?

    Here is a screenshot of the result: http://imgur.com/UD6IpFF

    Any help you could provide would be super appreciated!

    • Your screenshot is not there. Sorry for the late reply. But the error definitely means firewall is blocking it or you are targeting a wrong port.

  2. Good One Bro 🙂
    I have read your both magazines, October and November edition. You explain very well, my question is about to real world penetration testing which that, in case we use kali linux from our virtual environment that is oracle VM or VMware whats ever and mostly we uses NAT or Bridge connection if we use vpn or any proxy chain, in that case which ip we use to back connect to us.?
    Kali vm ip or our public ip?
    suppose!
    i am going to hack a website which have SQL injection vuln, before that i will use anonymity like vpn or proxy chains, in that case if we grab data from server or any communication back to server or any thing else to where we have to use our ip which ip we have to use and how system acknowledge that and response back and how can we sure that we are anonymous??

    sorry for my bad english
    waiting for your kind response 🙁

    • Hey Real Stone. Thanks for reading my magazines. Your question has been answered in the December issue of the magazine. It’s free of charge to download.

Leave a Reply

Your email address will not be published. Required fields are marked *