R-Services

ABOUT

R-Services are a suite of services hosted to enable remote access or issue commands between Unix hosts over TCP/IP. Much like telnet, r-services transmit information from client to server(and vice versa.) over the network in an unencrypted format, making it possible for attackers to intercept network traffic (passwords, login information, etc.) by performing man-in-the-middle (MITM) attacks. R-Services mostly using ports 512, 513, 514 and only accessible via suite of programs known as r-commands. The R-commands suite contains:

rcp (remote copy)
rexec (remote execution)
rlogin (remote login)
rsh (remote shell)
rstat
ruptime
rwho (remote who)

Quick Overview

Command

Service Daemon

Port

Transport Protocol

Description

rcp

rshd

514

TCP

Copy a file from the local system to remote (or vice versa). Works like cp but don't provide warning for overwriting files.

rsh

rshd

514

TCP

Opens a shell on remote machine without login. Relies upon trusted entries in the /etc/hosts/equiv and .rhosts files for validation

rexec

rexecd

512

TCP

Enables to run shell command on remote machine. Requires authentification with username:password or with /etc/hosts/equiv and .rhosts files

rlogin

rlogind

513

TCP

Enables a user log in to a remote host over the network. Unix-only. Use /etc/hosts/equiv and .rhosts files to authentification

Tips2Hack

Logging in Using Rlogin

rlogin 13.13.13.13 -l username

Listing Authenticated Users Using Rwho

rwho

Listing Authenticated Users Using Rusers

rusers -al 13.13.13.13

PreviousIPMI NextWinRM

Last updated 5 months ago