Hacktricks-skills pentesting-rlogin

Pentest Rlogin (port 513) services on target systems. Use this skill when you need to test for Rlogin vulnerabilities, attempt unauthorized access via .rhosts files, or enumerate Rlogin services during security assessments. Trigger this skill for any Rlogin-related reconnaissance, authentication testing, or brute force attempts on port 513.

install
source · Clone the upstream repo
git clone https://github.com/abelrguezr/hacktricks-skills
manifest: skills/network-services-pentesting/pentesting-rlogin/SKILL.MD

Pentesting Rlogin

A skill for testing Rlogin (Remote Login) service vulnerabilities during authorized security assessments.

Overview

Rlogin is a legacy remote login protocol that runs on port 513/tcp. Due to significant security weaknesses, it has been largely replaced by SSH. However, it may still be found on older systems or misconfigured servers.

Key characteristics:

  • Default port: 513/tcp
  • Service name: login
  • Often allows passwordless access via .rhosts files
  • No encryption - credentials transmitted in plaintext

Prerequisites

Before attempting Rlogin tests, ensure you have:

  • Authorization to test the target system
  • Network access to port 513
  • rsh-client installed (on Debian/Ubuntu: apt-get install rsh-client)

Testing Workflow

1. Identify Rlogin Service

First, confirm the service is running:

nmap -p 513 <target-ip>

Expected output:

PORT    STATE SERVICE
513/tcp open  login

2. Attempt Direct Login

Try connecting with common usernames. Some systems allow passwordless access if .rhosts is misconfigured:

rlogin <target-ip> -l root
rlogin <target-ip> -l <username>

3. Locate .rhosts Files

If you gain any access, search for .rhosts files that might grant unauthorized access:

find / -name .rhosts 2>/dev/null

Check contents of any found files - they may contain entries that allow passwordless login from specific hosts.

4. Brute Force Authentication

If direct login fails, attempt brute force attacks using tools like Hydra:

hydra -l <username> -P <wordlist> rlogin://<target-ip>

Common Vulnerabilities

  • Passwordless access: .rhosts files with + + entries allow any user from any host
  • Weak authentication: No encryption means credentials can be intercepted
  • Default configurations: Many systems have .rhosts enabled by default
  • Legacy systems: Older systems may not have been updated to disable Rlogin

Mitigation Recommendations

  • Disable Rlogin service if not needed
  • Remove or secure .rhosts files
  • Use SSH instead of Rlogin
  • Implement network segmentation to limit Rlogin access
  • Regularly audit for legacy services
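
To support the "remove or secure .rhosts files" and audit recommendations, the following added example (not part of the original skill or the upstream repo) walks a directory tree on a host you administer, classifies each .rhosts entry, and flags files that group or other users can write to. It goes slightly beyond the + + case named above by also flagging single-wildcard entries; the function names, severity labels, the assumed "host [user]" line layout with # comments, and the sample data are all assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original skill): audit .rhosts trust entries.
# Assumes whitespace-separated "host [user]" lines and "#" comment lines.

# classify_rhosts FILE: print "file<TAB>severity<TAB>line<TAB>entry" per entry.
classify_rhosts() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        {
            host = $1
            user = (NF >= 2) ? $2 : ""
            if (host == "+" && user == "+") sev = "CRITICAL:any-host-any-user"
            else if (host == "+")           sev = "HIGH:any-host"
            else if (user == "+")           sev = "HIGH:any-user"
            else                            sev = "REVIEW:other-entry"
            printf "%s\t%s\t%d\t%s\n", FILENAME, sev, NR, $0
        }
    ' "$1"
}

# audit_rhosts [ROOT]: walk ROOT (default /) and report every .rhosts file.
audit_rhosts() {
    find "${1:-/}" -type f -name .rhosts 2>/dev/null |
    while IFS= read -r f; do
        # Group- or world-writable files let non-owners add trust entries.
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            printf '%s\tWRITABLE-BY-NON-OWNER\n' "$f"
        fi
        classify_rhosts "$f"
    done
}

# Demo on a constructed home directory (sample data, not from a real host).
demo_rhosts_audit() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/alice"
    printf '# constructed sample\n+ +\nbuildhost.example alice\n+ bob\n' \
        > "$d/home/alice/.rhosts"
    chmod 666 "$d/home/alice/.rhosts"
    audit_rhosts "$d"
    rm -rf "$d"
}
demo_rhosts_audit
```

On a real system, run audit_rhosts / as root so that every home directory is readable, and treat any CRITICAL or HIGH row as a file to remove.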

Legal and Ethical Considerations

This skill is intended for authorized security testing only. Always obtain proper authorization before testing any system. Unauthorized access to computer systems is illegal and unethical.