Re: Java RMI service finderprint?

[David Fifield <david () bamsoftware com>]

On Wed, Jun 15, 2011 at 10:53:09PM +0200, Martin Holst Swende wrote:
> ----- Ursprungsmeddelande -----
> > On Mon, Jun 13, 2011 at 05:00:50PM -0700, Gabriel Lawrence wrote:
> > > Its worth noting that there is a script:
> > >
> > > rmi-dumpregistry
> > >
> > > that has this as its portrule:
> > >
> > > portrule = shortport.port_or_service({1098, 1099, 1090, 8901, 8902,
> > > 8903}, {"rmi"})
> > >
> > > but the info in nmap-service-probes is calling the service jrmi so
> > > things dont match up.
> > >
> > > One or the other should really be changed to match.
> >
> > Good call. I have changed it to be rmiregistry in both places, to match
> > nmap-services. I don't know if the rmiregistry service is different from
> > other RMI services.
>
> Hm. Don't know if i misunderstood you now, but to clarify: the fingerprint detects a java rmi endpoint, or service. 
> An rmi registry is just a common rmi service used for storing object references. 
>
> So the service should be rmi or jrmi, but whether it is a registry is not detected until later during the script 
> execution.

So rmiregistry is just an application of a lower-level RMI protocol? In
other words, it uses as a transport the same protocol that it is
registering?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/