Nmap Development mailing list archives

Re: Java RMI service fingerprint?


From: Martin Holst Swende <martin () swende se>
Date: Thu, 16 Jun 2011 14:12:11 +0200

----- Original message -----
----- Original message -----
On Wed, Jun 15, 2011 at 10:53:09PM +0200, Martin Holst Swende wrote:
----- Original message -----
On Mon, Jun 13, 2011 at 05:00:50PM -0700, Gabriel Lawrence wrote:
It's worth noting that there is a script:

rmi-dumpregistry

that has this as its portrule:

portrule = shortport.port_or_service({1098, 1099, 1090, 8901,
8902, 8903}, {"rmi"})

but the info in nmap-service-probes is calling the service jrmi
so things don't match up.

One or the other should really be changed to match.

Good call. I have changed it to be rmiregistry in both places, to
match nmap-services. I don't know if the rmiregistry service is
different from other RMI services.

Hm. Don't know if I misunderstood you now, but to clarify: the
fingerprint detects a java rmi endpoint, or service. An rmi registry
is just a common rmi service used for storing object references. 

So the service should be rmi or jrmi, but whether it is a registry is
not detected until later during the script execution.

So rmiregistry is just an application of a lower-level RMI protocol? In
other words, it uses as a transport the same protocol that it is
registering?

Yes, except that it does not 'register rmi', it is a place where rmi
objects register themselves so other objects can do lookups on them. But
it's just an app, nothing magic or special except being very common.


David Fifield

/Martin on n900


ps. If we want to be picky, I believe the protocol is actually called jrmp. But I think java-rmi would be more informative.
/Martin



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
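
A consistency check for the naming mismatch discussed in this thread, as an added example that is not part of the original messages or of Nmap itself. It assumes a portrule service name is only useful if a match/softmatch line in nmap-service-probes or an entry in nmap-services can produce it; the sample data is constructed and the function names are hypothetical.

```python
import re

# Constructed sample data for illustration; not copied from Nmap's real files.
SERVICE_PROBES = r"""
Probe TCP ExampleRMI q|JRMI|
match jrmi m|^N\x00| p/Java RMI/
softmatch http m|^HTTP/1\.[01] |
"""
NMAP_SERVICES = "rmiregistry\t1099/tcp\t0.000577\nhttp\t80/tcp\t0.484143\n"
SCRIPTS = {
    "rmi-dumpregistry.nse": 'portrule = shortport.port_or_service('
    '{1098, 1099, 1090, 8901,\n8902, 8903}, {"rmi"})\n',
}

MATCH_RE = re.compile(r"^(?:soft)?match\s+(\S+)\s", re.M)
SERVICES_RE = re.compile(r"^([^\s#]+)\s+\d+/(?:tcp|udp|sctp)\b", re.M)
# Captures the second argument of shortport.port_or_service(ports, services, ...).
PORTRULE_RE = re.compile(
    r"""shortport\.port_or_service\s*\(\s*(?:\{[^}]*\}|[^,{]+)\s*,\s*"""
    r"""(\{[^}]*\}|["'][^"']*["'])""", re.S)
QUOTED_RE = re.compile(r"""["']([^"']+)["']""")


def known_service_names(probes_text, services_text):
    """Names Nmap can assign: match/softmatch lines plus nmap-services."""
    return set(MATCH_RE.findall(probes_text)) | set(SERVICES_RE.findall(services_text))


def script_service_names(lua_source):
    """Service names that a script's portrule asks for."""
    names = set()
    for call in PORTRULE_RE.finditer(lua_source):
        names.update(QUOTED_RE.findall(call.group(1)))
    return names


def unmatched_services(scripts, probes_text, services_text):
    """Map script name -> portrule service names that nothing can produce."""
    known = known_service_names(probes_text, services_text)
    report = {}
    for name, source in scripts.items():
        missing = sorted(script_service_names(source) - known)
        if missing:
            report[name] = missing
    return report


if __name__ == "__main__":
    print(unmatched_services(SCRIPTS, SERVICE_PROBES, NMAP_SERVICES))
```
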

