Nmap Development mailing list archives

rmiregistry default configuration vulnerability script
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Fri, 25 May 2012 20:48:07 +0200

Hi All,

I've written a script to test rmiregistry servers for this default
vulnerability which allows remote class loading and therefore remote
code execution.

There is a Metasploit exploit for this vulnerability.

To test it, you just need to run rmiregistry which comes with
any JRE installation (rmiregistry.exe on Windows, rmiregistry on Linux)
and then run the script against it.

I've attached the script and a small patch for rmi.lua library as I needed
one function to add raw data as arguments to writeMethodCall.
The script contains already serialized data; it was easier to do it
that way than implement the whole serialization in the library.
For additional info, see references in the script.

Please tell me if you have any comments and suggestions.


Attachment: rmi-vuln-classloader.nse

Attachment: rmi.diff

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
