File rmi-vuln-classloader

脚本使用类型: portrule
脚本所属分类: intrusive, vuln
脚本下载地址: http://nmap.org/svn/scripts/rmi-vuln-classloader.nse

User Summary

Tests whether Java rmiregistry allows class loading. The default configuration of rmiregistry allows loading classes from remote URLs, which can lead to remote code execution. The vendor (Oracle/Sun) classifies this as a design feature.

Based on original Metasploit module by mihi.

References:

• http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/multi/misc/java_rmi_server.rb

Script Arguments

vulns.showall

Example Usage

执行格式

nmap --script=rmi-vuln-classloader -p 1099 <target>

Script Output

PORT     STATE SERVICE
1099/tcp open  rmiregistry
| rmi-vuln:
|   VULNERABLE:
|   RMI registry default configuration remote code execution vulnerability
|     State: VULNERABLE
|     Description:
|               Default configuration of RMI registry allows loading classes from remote URLs which can lead to remote code executeion.
|
|     References:
|_      http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/multi/misc/java_rmi_server.rb

Requires

• bin
• rmi
• shortport
• stdnse
• string
• vulns

Author: Aleksandar Nikolic

License: VER007 整理 http://www.ver007.com