Tags: rmi java 

Rating: 0

For a detailed writeup follow the link.

- RMI server running on target
- We can inject code by passing custom objects to the remote method
- Due to a bad security manager we can access the file system
- Flag is stored in file `flag`