Nmap Development mailing list archives
Problems writing a nmap-service-probe for jdwp (Java debug wire protocol)
From: Michael Schierl <schierlm () gmx de>
Date: Fri, 12 Mar 2010 18:38:59 +0100
[Please Cc: me as I am not subscribed to the list. Thanks.]

Hello,

I tried to write a probe for JDWP, which you can find open in some corporate networks to enable people to debug services running on some servers (an open port on the internet might be disastrous to the security of the system, though, as the debugger can upload any Java code and run it).

However, JDWP is quite picky about who it speaks to. The conversation has to start with the magic string "JDWP-Handshake", or the socket is closed immediately. In addition, if that string is not received within the first two seconds, the port is also closed.

Currently, the null probe will time out and report the port as tcpwrapped, and my script is not even run. When reducing the timeout of the null probe to 1 second, for example, my probe will work (and detect the JDWP version just fine), but of course this is not good for detecting other protocols.

I don't really know how I can tell nmap to try this probe on ports that were previously closed (tcpwrapped) when trying the null probe.

Documentation for JDWP is available at
http://java.sun.com/j2se/1.5.0/docs/guide/jpda/jdwp-spec.html

The probe below sends a VirtualMachine_Version request, documented at
http://java.sun.com/j2se/1.5.0/docs/guide/jpda/jdwp/jdwp-protocol.html#JDWP_VirtualMachine_Version

To try it, take any Java program (which is run via the normal java launcher) and add

    -Xrunjdwp:transport=dt_socket,server=y,address=8000,suspend=n

as first parameter between the java binary and the other parameters (class path, jar etc.). This will listen on port 8000 and not suspend the VM (so the program will continue running fine as long as the debugger does not send a suspend command).

Regards,
Michael
Attachment: probe.txt
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
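The exchange described in the message above, as an added Python example for checking your own hosts for an exposed JDWP listener. It is not part of the original post or of the attached probe.txt; the function names are hypothetical, the packet layout follows the JDWP specification linked in the message, and the 64 KiB reply cap is an assumption of this example.

```python
import struct

HANDSHAKE = b"JDWP-Handshake"  # magic string from the post; the server echoes it back

def build_version_request(packet_id=1):
    # Command header: length(4) id(4) flags(1) command set(1) command(1), no payload.
    # VirtualMachine is command set 1 and Version is command 1.
    return struct.pack(">IIBBB", 11, packet_id, 0, 1, 1)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def parse_version_reply(packet):
    # Reply header: length(4) id(4) flags(1, 0x80 = reply) error code(2).
    length, _id, flags, error = struct.unpack(">IIBH", packet[:11])
    if length != len(packet) or flags != 0x80 or error != 0:
        raise ValueError("not a successful JDWP reply")
    pos, fields = 11, []
    for kind in ("str", "int", "int", "str", "str"):
        (value,) = struct.unpack_from(">I", packet, pos)
        pos += 4
        if kind == "str":  # JDWP string: 4-byte length, then UTF-8 bytes
            if pos + value > len(packet):
                raise ValueError("truncated string")
            value, pos = packet[pos:pos + value].decode("utf-8", "replace"), pos + value
        fields.append(value)
    keys = ("description", "jdwp_major", "jdwp_minor", "vm_version", "vm_name")
    return dict(zip(keys, fields))

def probe_jdwp(sock, timeout=2.0):
    """Return the VM version dict if the connected peer speaks JDWP, else None."""
    sock.settimeout(timeout)
    try:
        sock.sendall(HANDSHAKE)  # speak first: the server never sends a banner
        if recv_exact(sock, len(HANDSHAKE)) != HANDSHAKE:
            return None
        sock.sendall(build_version_request())
        header = recv_exact(sock, 11)
        (length,) = struct.unpack_from(">I", header)
        if not 11 <= length <= 65536:  # sanity cap chosen for this example
            raise ValueError("implausible reply length")
        return parse_version_reply(header + recv_exact(sock, length - 11))
    except (OSError, ValueError, struct.error):
        return None
```

Call it as probe_jdwp(socket.create_connection((host, 8000))) right after connecting, because the handshake has to arrive within the two-second window described in the message.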