Nmap Development mailing list archives
rmiregistry default configuration vulnerability script
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Fri, 25 May 2012 20:48:07 +0200
Hi All,

I've written a script to test rmiregistry servers for this default configuration vulnerability which allows remote class loading and therefore remote code execution. There is a Metasploit exploit for this vulnerability. To test it, you just need to run rmiregistry which comes with any JRE installation (rmiregistry.exe on Windows, rmiregistry on Linux) and then run the script against it.

I've attached the script and a small patch for the rmi.lua library as I needed one function to add raw data as arguments to writeMethodCall. The script contains already serialized data; it was easier to do it that way than implement the whole serialization in the library. For additional info, see the references in the script.

Please tell me if you have any comments and suggestions.

Thanks,
Aleksandar
Attachment: rmi-vuln-classloader.nse
Attachment: rmi.diff
Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
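The post describes a scanner that talks to rmiregistry over its native wire protocol. As an added illustration (not the author's NSE script, not Nmap's rmi.lua, and not attached to this thread), the following Python code shows the first exchange of that protocol, the JRMI stream-protocol handshake, as a defender would need to recognise it when inventorying exposed registries or writing a detection signature. It builds the client greeting, parses the server's ProtocolAck (status byte, then an endpoint identifier made of a UTF string and a four-byte port), and returns None for anything that does not match. The byte layout follows the Java RMI wire-protocol specification; the sample reply bytes are constructed here, and the optional network probe is only a convenience wrapper.

```python
"""Offline parser for the Java RMI stream-protocol handshake (constructed example)."""
import socket
import struct
from dataclasses import dataclass
from typing import Optional

# Constants from the Java RMI wire-protocol specification.
JRMI_MAGIC = b"JRMI"
JRMI_VERSION = 2
STREAM_PROTOCOL = 0x4B   # 'K': the protocol rmiregistry normally speaks
PROTOCOL_ACK = 0x4E      # 'N': server accepted the requested protocol
PROTOCOL_NACK = 0x4F     # 'O': server refused it


def build_handshake() -> bytes:
    """Client greeting: magic bytes, 2-byte version, 1-byte protocol selector."""
    return JRMI_MAGIC + struct.pack(">H", JRMI_VERSION) + bytes([STREAM_PROTOCOL])


@dataclass
class ProtocolAck:
    host: str
    port: int


def parse_ack(data: bytes) -> Optional[ProtocolAck]:
    """Parse a ProtocolAck: 0x4E, UTF host (2-byte length + bytes), 4-byte int port.

    Returns None when the bytes are not a well-formed ack (wrong status byte,
    truncated length prefix, truncated host, or missing port).
    """
    if len(data) < 3 or data[0] != PROTOCOL_ACK:
        return None
    (host_len,) = struct.unpack(">H", data[1:3])
    host_end = 3 + host_len
    if len(data) < host_end + 4:
        return None
    host = data[3:host_end].decode("utf-8", errors="replace")
    (port,) = struct.unpack(">I", data[host_end:host_end + 4])
    return ProtocolAck(host=host, port=port)


def speaks_jrmi(reply: bytes) -> bool:
    """True when the first reply bytes parse as a JRMI ProtocolAck."""
    return parse_ack(reply) is not None


# Constructed sample reply: ack, endpoint "127.0.0.1", port 0 (the value the
# server sends when it does not advertise a client port).
SAMPLE_ACK = bytes([PROTOCOL_ACK]) + struct.pack(">H", 9) + b"127.0.0.1" + struct.pack(">I", 0)
SAMPLE_NACK = bytes([PROTOCOL_NACK])


def probe(host: str, port: int = 1099, timeout: float = 3.0) -> Optional[ProtocolAck]:
    """Send the greeting to a host you administer and parse the reply (not run offline)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_handshake())
        reply = sock.recv(1024)
    return parse_ack(reply)


if __name__ == "__main__":
    print("greeting:", build_handshake())
    print("sample ack:", parse_ack(SAMPLE_ACK))
    print("nack speaks JRMI:", speaks_jrmi(SAMPLE_NACK))
```

Identifying the service is only the inventory step. The remote class loading the post refers to is controlled by the `java.rmi.server.useCodebaseOnly` system property: when it is `true`, the registry ignores codebase annotations on incoming serialized objects and loads classes only from its own classpath, which removes the default-configuration issue this script checks for. Oracle changed that property's default from `false` to `true` in Java 7u21.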
Current thread:
- rmiregistry default configuration vulnerability script Aleksandar Nikolic (May 25)
- Re: rmiregistry default configuration vulnerability script Patrik Karlsson (May 25)
- Re: rmiregistry default configuration vulnerability script Marcus Haebler (May 26)
- Re: rmiregistry default configuration vulnerability script Aleksandar Nikolic (May 26)
- Re: rmiregistry default configuration vulnerability script David Fifield (May 27)
- Re: rmiregistry default configuration vulnerability script Aleksandar Nikolic (May 28)
- Re: rmiregistry default configuration vulnerability script Patrik Karlsson (May 29)
- Re: rmiregistry default configuration vulnerability script Aleksandar Nikolic (May 26)