Metasploit mailing list archives
Re: scanning for JAVA versions (Peter Fellini)
From: "Scott McClellan" <Scott.McClellan () tn gov>
Date: Thu, 26 May 2011 07:43:16 -0500
I agree...what I suggested is a long shot. There's no certain way to tell.
Joshua Smith <lazydj98 () gmail com> 5/25/2011 3:26 PM >>>
This is standard client-side type issue. Generally you're not going to know the version unless you have other accesses or knowledge... atleast I'm not aware of a way to remotely determine the java version, java is not normally running as a server. It's like trying to determine the version of Adobe Reader. I believe the only way vuln scanners do it is via credentialed connections (like over WMI etc) -Josh On Wed, May 25, 2011 at 3:47 PM, Scott McClellan <Scott.McClellan () tn gov> wrote: Hmm...I think the scanners nessus or retina/blink can tell you java versions; not sure, though. Alternatively (and it would be noisy), you could try scripting out some of the java exploits using msfcli, run them against your target, and see if you get a shell. That would definitely tell you java version.
Peter Fellini <p_fellini () hotmail com> 5/25/2011 2:37 PM >>>
I'm looking to scan machines and inquire what version of Java and if it was Java 6 pre update 24 have it as a candidate for exploiting. Thanks Date: Wed, 25 May 2011 14:15:39 -0500 From: Scott.McClellan () tn gov To: framework () spool metasploit com Subject: Re: [framework] scanning for JAVA versions (Peter Fellini) Are you looking to write a metasploit module to do this? Or do you want to check the version of java running on a box that you've exploited? Message: 2 Date: Wed, 25 May 2011 10:46:55 -0400 From: Peter Fellini <p_fellini () hotmail com> To: <framework () spool metasploit com> Subject: [framework] scanning for JAVA versions Message-ID: <BAY160-w58ECCC80BA66486566138D8D740 () phx gbl> Content-Type: text/plain; charset="iso-8859-1" Would anyone be able to assist me with the best tool and parameters to scan machines for JAVA versions. Thanks _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework -- - Josh
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Re: scanning for JAVA versions (Peter Fellini) Scott McClellan (May 25)
- Re: scanning for JAVA versions (Peter Fellini) Peter Fellini (May 25)
- Re: scanning for JAVA versions (Peter Fellini) Scott McClellan (May 25)
- Message not available
- Re: scanning for JAVA versions (Peter Fellini) Joshua Smith (May 25)
- Message not available
- Re: scanning for JAVA versions (Peter Fellini) Scott McClellan (May 26)
- Re: scanning for JAVA versions (Peter Fellini) Scott McClellan (May 25)
- Re: scanning for JAVA versions (Peter Fellini) Peter Fellini (May 25)