.NET Remoting Service
Nmap discovered a .NET Remoting service on the target port 17001.
The running service is MS .NET Remoting services.
.NET Remoting is a Microsoft application programming interface (API) for interprocess communication released in 2002 with the 1.0 version of .NET Framework. It is one in a series of Microsoft technologies that began in 1990 with the first version of Object Linking and Embedding (OLE) for 16-bit Windows. Intermediate steps in the development of these technologies were Component Object Model (COM) released in 1993 and updated in 1995 as COM-95, Distributed Component Object Model (DCOM), released in 1997 (and renamed ActiveX), and COM+ with its Microsoft Transaction Server (MTS), released in 2000. It is now superseded by Windows Communication Foundation (WCF), which is part of the .NET Framework 3.0.
Like its family members and similar technologies such as Common Object Request Broker Architecture (CORBA) and Java’s remote method invocation (RMI), .NET Remoting is complex, yet its essence is straightforward. With the assistance of operating system and network agents, a client process sends a message to a server process and receives a reply.
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/algernon/ftp]
└─$ telnet $IP 17001
Trying 192.168.236.65...
Connected to 192.168.236.65.
Escape character is '^]'.
test
.NETSystem.Runtime.Remoting.RemotingException: Tcp channel protocol violation: expecting preamble.
at System.Runtime.Remoting.Channels.Tcp.TcpSocketHandler.ReadAndMatchPreamble()
at System.Runtime.Remoting.Channels.Tcp.TcpSocketHandler.ReadVersionAndOperation(UInt16& operation)
at System.Runtime.Remoting.Channels.Tcp.TcpServerSocketHandler.ReadHeaders()
at System.Runtime.Remoting.Channels.Tcp.TcpServerTransportSink.ServiceRequest(Object state)
at System.Runtime.Remoting.Channels.SocketHandler.ProcessRequestNow()Connection closed by foreign host.
It is indeed .NET Remoting.
This might be used by the SmarterMail service.
Referring to the official documentation, the SmarterMail service uses port 17001 by default for communication with the web interface.
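The fingerprint used in the telnet session above (a reply that starts with the .NET preamble and carries a RemotingException stack trace) can be checked automatically when auditing your own hosts for exposed remoting listeners. This is an added example, not part of the original write-up; the header layout after the preamble (version bytes, operation, content distribution) is an assumption based on the MS-NRTP message frame, and classify_banner, probe and SAMPLE_REPLY are names made up here.

```python
import socket
import struct

PREAMBLE = b".NET"  # the preamble the server said it expected in the trace above
EXCEPTION = b"System.Runtime.Remoting.RemotingException"
OPERATIONS = {0: "Request", 1: "OneWayRequest", 2: "Reply"}

def classify_banner(data: bytes) -> dict:
    """Decide whether bytes returned by a listener come from a .NET Remoting TCP channel."""
    info = {"dotnet_remoting": data.startswith(PREAMBLE), "version": None,
            "operation": None, "chunked": None,
            # A stack trace sent to an unauthenticated peer is itself a finding.
            "exception_leak": EXCEPTION in data}
    if info["dotnet_remoting"] and len(data) >= 10:
        # Assumed layout after the preamble: major, minor, operation, content distribution.
        major, minor, op, dist = struct.unpack_from("<BBHH", data, 4)
        info["version"] = f"{major}.{minor}"
        info["operation"] = OPERATIONS.get(op, f"unknown({op})")
        info["chunked"] = dist == 1
    return info

def probe(host: str, port: int = 17001, timeout: float = 3.0) -> dict:
    """Send the same non-protocol line as the telnet session and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"test\r\n")
        chunks = []
        try:
            while chunk := s.recv(4096):
                chunks.append(chunk)
        except socket.timeout:
            pass
    return classify_banner(b"".join(chunks))

# Constructed sample reply (simplified: frame header followed directly by the error text).
_BODY = EXCEPTION + b": Tcp channel protocol violation: expecting preamble."
SAMPLE_REPLY = PREAMBLE + struct.pack("<BBHHI", 1, 0, 2, 0, len(_BODY)) + _BODY

if __name__ == "__main__":
    print(classify_banner(SAMPLE_REPLY))
    print(classify_banner(b"220 FTP server ready\r\n"))
```

A positive result on a non-loopback interface means the remoting endpoint is reachable from the network and is a candidate for firewalling or binding to localhost.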
Vulnerabilities
Searching online for known vulnerabilities reveals an RCE exploit for CVE-2019-7214, which targets the communication endpoint on port 17001.