Re: scanning for JAVA versions (Peter Fellini)
From: Joshua Smith <lazydj98 () gmail com>
Date: Wed, 25 May 2011 16:27:27 -0400
Sorry, sent this to Scott directly the first time around
This is a standard client-side type issue. Generally you're not going to know
the version unless you have other accesses or knowledge... at least I'm not
aware of a way to remotely determine the java version, java is not normally
running as a server. It's like trying to determine the version of Adobe
Reader. I believe the only way vuln scanners do it is via credentialed
connections (like over WMI etc).
On Wed, May 25, 2011 at 3:47 PM, Scott McClellan <Scott.McClellan () tn gov> wrote:
Hmm...I think the scanners nessus or retina/blink can tell you java
versions; not sure, though.
Alternatively (and it would be noisy), you could try scripting out some of
the java exploits using msfcli, run them against your target, and see if you
get a shell. That would definitely tell you java version.
Peter Fellini <p_fellini () hotmail com> 5/25/2011 2:37 PM >>>
I'm looking to scan machines and inquire what version of Java and if it
was Java 6 pre update 24 have it as a candidate for exploiting.
Date: Wed, 25 May 2011 14:15:39 -0500
From: Scott.McClellan () tn gov
To: framework () spool metasploit com
Subject: Re: [framework] scanning for JAVA versions (Peter Fellini)
Are you looking to write a metasploit module to do this? Or do you want
to check the version of java running on a box that you've exploited?
Date: Wed, 25 May 2011 10:46:55 -0400
From: Peter Fellini <p_fellini () hotmail com>
To: <framework () spool metasploit com>
Subject: [framework] scanning for JAVA versions
Message-ID: <BAY160-w58ECCC80BA66486566138D8D740 () phx gbl>
Content-Type: text/plain; charset="iso-8859-1"
Would anyone be able to assist me with the best tool and parameters to
scan machines for JAVA versions.
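
As an added example that is not part of the original thread: once `java -version` output has been collected per host through a credentialed check of the kind the first reply describes, a patch inventory can flag installs below Java 6 update 24. The host names and banner lines are constructed sample data, and treating older major lines as below the floor is an assumption.

```python
import re

# Legacy Java version strings look like 1.<major>.<minor>_<update>[-build],
# e.g. 1.6.0_23 or 1.6.0_07-b06. The update part is absent on a base release.
_VERSION_RE = re.compile(r'version "1\.(\d+)\.(\d+)(?:_(\d+))?(?:-[\w.]+)?"')

# From the thread: Java 6 before update 24 is the cut-off of interest.
FLOOR = (6, 0, 24)


def parse_java_version(banner):
    """Return (major, minor, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    major, minor, update = m.groups()
    # int() handles zero-padded updates such as "07".
    return (int(major), int(minor), int(update or 0))


def triage(inventory, floor=FLOOR):
    """Map each host to 'below-floor', 'ok' or 'unparsed'.

    Assumption: anything older than the floor, including earlier major
    lines such as Java 5, is reported as below it.
    """
    result = {}
    for host, banner in inventory:
        version = parse_java_version(banner)
        if version is None:
            result[host] = "unparsed"  # Java missing or unexpected output
        elif version < floor:
            result[host] = "below-floor"
        else:
            result[host] = "ok"
    return result


# Constructed sample inventory: (host, first line of `java -version` output).
SAMPLE = [
    ("ws-01", 'java version "1.6.0_23"'),
    ("ws-02", 'java version "1.6.0_24"'),
    ("ws-03", 'java version "1.6.0_07-b06"'),
    ("ws-04", 'java version "1.7.0"'),
    ("ws-05", "'java' is not recognized as an internal or external command"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```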