jdwp-exec
Script type:
portrule
Categories:
exploit, intrusive
Script download URL: http://nmap.org/svn/scripts/jdwp-exec.nse
Attempts to exploit Java's remote debugging port. When the remote debugging port is left open, it is possible to inject Java bytecode and achieve remote code execution. This script abuses this to inject and execute a Java class file that runs the supplied shell command and returns its output.
The script injects the JDWPSystemInfo class from nselib/jdwp-class/ and executes its run() method which accepts a shell command as its argument.
Script argument cmd: Command to execute on the remote system.
Example usage
nmap -sT <target> -p <port> --script=+jdwp-exec --script-args cmd="date"
PORT     STATE SERVICE REASON
2010/tcp open  search  syn-ack
| jdwp-exec:
|   date output:
|   Sat Aug 11 15:27:21 Central European Daylight Time 2012
|_
Author: Aleksandar Nikolic
License:
Compiled by VER007 http://www.ver007.com