mailing list archives
Re: scanning for JAVA versions (Peter Fellini)
From: "Scott McClellan" <Scott.McClellan () tn gov>
Date: Thu, 26 May 2011 07:43:16 -0500
I agree...what I suggested is a long shot. There's no certain way to tell.
Joshua Smith <lazydj98 () gmail com> 5/25/2011 3:26 PM >>>
This is standard client-side type issue. Generally you're not going to know the version unless you have other accesses
or knowledge... atleast I'm not aware of a way to remotely determine the java version, java is not normally running as
a server. It's like trying to determine the version of Adobe Reader. I believe the only way vuln scanners do it is via
credentialed connections (like over WMI etc)
On Wed, May 25, 2011 at 3:47 PM, Scott McClellan <Scott.McClellan () tn gov> wrote:
Hmm...I think the scanners nessus or retina/blink can tell you java versions; not sure, though.
Alternatively (and it would be noisy), you could try scripting out some of the java exploits using msfcli, run them
against your target, and see if you get a shell. That would definitely tell you java version.
Peter Fellini <p_fellini () hotmail com> 5/25/2011 2:37 PM >>>
I'm looking to scan machines and inquire what version of Java and if it was Java 6 pre update 24 have it as a candidate
Date: Wed, 25 May 2011 14:15:39 -0500
From: Scott.McClellan () tn gov
To: framework () spool metasploit com
Subject: Re: [framework] scanning for JAVA versions (Peter Fellini)
Are you looking to write a metasploit module to do this? Or do you want to check the version of java running on a box
that you've exploited?
Date: Wed, 25 May 2011 10:46:55 -0400
From: Peter Fellini <p_fellini () hotmail com>
To: <framework () spool metasploit com>
Subject: [framework] scanning for JAVA versions
Message-ID: <BAY160-w58ECCC80BA66486566138D8D740 () phx gbl>
Content-Type: text/plain; charset="iso-8859-1"
Would anyone be able to assist me with the best tool and parameters to scan machines for JAVA versions.