Nmap Development mailing list archives
[NSE] Announcing jdwp library and scripts
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Sun, 12 Aug 2012 20:33:47 +0200
Hi all,

lately I've been working on a Java Debug Wire Protocol library in order to exploit it for a few scripts from the Script Ideas page. The library itself implements enough functionality to achieve custom Java bytecode injection and execution, which the following three scripts leverage:

The jdwp-info script injects the JDWPSystemInfo class, which gathers information from the remote system. Example output:

-- PORT STATE SERVICE REASON
-- 2010/tcp open search syn-ack
-- | jdwp-info:
-- | Available processors: 1
-- | Free memory: 15331736
-- | File system root: A:\
-- | Total space (bytes): 0
-- | Free space (bytes): 0
-- | File system root: C:\
-- | Total space (bytes): 42935926784
-- | Free space (bytes): 29779054592
-- | File system root: D:\
-- | Total space (bytes): 0
-- | Free space (bytes): 0
-- | Name of the OS: Windows XP
-- | OS Version : 5.1
-- | OS patch level : Service Pack 3
-- | OS Architecture: x86
-- | Java version: 1.7.0_01
-- | Username: user
-- | User home: C:\Documents and Settings\user
-- |_ System time: Sat Aug 11 15:21:44 CEST 2012

The jdwp-exec script injects the JDWPExecCmd Java class, which executes a custom shell command specified as the "cmd" script argument and returns its output:

-- PORT STATE SERVICE REASON
-- 2010/tcp open search syn-ack
-- | jdwp-exec:
-- | date output:
-- | Sat Aug 11 15:27:21 Central European Daylight Time 2012
-- |_

And finally, jdwp-inject, which allows specifying a custom Java .class file to inject into a remote JVM. Upon injection the script calls the injected class's run() method and gets its output. Sample of injecting a simple "Hello world" class:

-- PORT STATE SERVICE REASON
-- 2010/tcp open search syn-ack
-- | jdwp-inject:
-- |_ Hello world from the remote machine!

Source and compiled classes are in the nselib/data/jdwp-class/ directory. It also contains a small readme file explaining how to compile them and how to write your own classes to inject. Find the jdwp-class directory attached as a jdwp-class zip file.

Many thanks to Michael Schierl, who is the author of the jdwp-version script, for his work on javapayload (http://schierlm.users.sourceforge.net/JavaPayload/), from which I got the ideas on how to inject class files.

As always, I welcome comments, suggestions and ideas for improvements to these.

Aleksandar
Attachments:
jdwp-class.zip
jdwp.lua
jdwp-exec.nse
jdwp-info.nse
jdwp-inject.nse
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
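
Added example, not part of the original message or of the Nmap scripts: a Python check a defender can run over JVM command lines to find JDWP agents that listen on the network, which is the condition the scripts above depend on. Function names and the sample command lines are constructed; the check assumes the JDK behaviour that a bare port in address= binds all interfaces before Java 9 and loopback only from Java 9 on.

```python
import re

# Modern (-agentlib:jdwp=...) and legacy (-Xrunjdwp:...) agent flags.
JDWP_FLAG = re.compile(r"^(?:-agentlib:jdwp=|-Xrunjdwp:)(?P<opts>.+)$")
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}
LEVELS = ["none", "outbound", "loopback", "network"]  # ordered by exposure

def parse_jdwp_options(arg):
    """Return the agent's key=value options as a dict, or None if arg is not a JDWP flag."""
    m = JDWP_FLAG.match(arg)
    if not m:
        return None
    opts = {}
    for item in m.group("opts").split(","):
        key, _, value = item.partition("=")
        opts[key.strip()] = value.strip()
    return opts

def jdwp_exposure(argv, java_major):
    """Classify a JVM command line by its most exposed JDWP agent."""
    worst = 0
    for arg in argv:
        opts = parse_jdwp_options(arg)
        if opts is None or opts.get("transport") != "dt_socket":
            continue  # not a JDWP flag, or shared-memory transport (no TCP port)
        if opts.get("server", "n") != "y":
            level = 1  # JVM connects out to a debugger, it does not listen
        else:
            host, _, _port = opts.get("address", "").rpartition(":")
            if host == "":
                # Bare or omitted port: assumed all interfaces before Java 9.
                level = 3 if java_major < 9 else 2
            elif host in LOOPBACK:
                level = 2
            else:
                level = 3  # "*" or a specific non-loopback address
        worst = max(worst, level)
    return LEVELS[worst]

# Constructed sample command lines (port 2010 as in the sample output above).
LEGACY = ["java", "-Xdebug",
          "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=2010",
          "-jar", "app.jar"]
WILDCARD = ["java", "-agentlib:jdwp=transport=dt_socket,server=y,address=*:2010"]

if __name__ == "__main__":
    for argv, major in [(LEGACY, 7), (LEGACY, 11), (WILDCARD, 11)]:
        print(jdwp_exposure(argv, major), "java", major, " ".join(argv[1:]))
```

Any command line classified as "network" should have the agent removed or rebound to loopback, since JDWP itself has no authentication.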