Home page logo
/

metasploit logo Metasploit mailing list archives

Re: scanning for JAVA versions (Peter Fellini)
From: "Scott McClellan" <Scott.McClellan () tn gov>
Date: Thu, 26 May 2011 07:43:16 -0500

I agree...what I suggested is a long shot.  There's no certain way to tell.

Joshua Smith <lazydj98 () gmail com> 5/25/2011 3:26 PM >>>
This is standard client-side type issue. Generally you're not going to know the version unless you have other accesses 
or knowledge... atleast I'm not aware of a way to remotely determine the java version, java is not normally running as 
a server. It's like trying to determine the version of Adobe Reader. I believe the only way vuln scanners do it is via 
credentialed connections (like over WMI etc)

-Josh

On Wed, May 25, 2011 at 3:47 PM, Scott McClellan <Scott.McClellan () tn gov> wrote:


Hmm...I think the scanners nessus or retina/blink can tell you java versions; not sure, though. 
Alternatively (and it would be noisy), you could try scripting out some of the java exploits using msfcli, run them 
against your target, and see if you get a shell. That would definitely tell you java version. 

Peter Fellini <p_fellini () hotmail com> 5/25/2011 2:37 PM >>>

I'm looking to scan machines and inquire what version of Java and if it was Java 6 pre update 24 have it as a candidate 
for exploiting.

Thanks

Date: Wed, 25 May 2011 14:15:39 -0500
From: Scott.McClellan () tn gov
To: framework () spool metasploit com
Subject: Re: [framework] scanning for JAVA versions (Peter Fellini)

Are you looking to write a metasploit module to do this? Or do you want to check the version of java running on a box 
that you've exploited? 
Message: 2
Date: Wed, 25 May 2011 10:46:55 -0400
From: Peter Fellini <p_fellini () hotmail com>
To: <framework () spool metasploit com>
Subject: [framework] scanning for JAVA versions
Message-ID: <BAY160-w58ECCC80BA66486566138D8D740 () phx gbl>
Content-Type: text/plain; charset="iso-8859-1"

Would anyone be able to assist me with the best tool and parameters to scan machines for JAVA versions.
Thanks

_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework 

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework





-- 
- Josh
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]