PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-08 13:41:29 +00:00
Code Issues Projects Releases Wiki Activity

Fix naming of Java RMI, which is not always the Registry

Browse Source 
Added explanatory comments and links. The client endpoint identifier is
not the hostname (h// template) of the target. This could be any RMI
endpoint, such as `rmid` and not `rmiregistry`, so using "java-rmi"
instead of "rmiregistry" for the service name. Added port 10990
(rmiaux) based on IANA assignment.

Fixes #1342
This commit is contained in:
dmiller
2018-10-10 03:52:56 +00:00
parent 1ded1f082d
commit 53f5f5652e
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
nmap-service-probes
View File

@@ -14694,12 +14694,17 @@ match distccd m|^DONE00000001.*CRITICAL! distcc seems to have invoked itself rec
match distccd m|^[\w._-]+DONE[\w._-]+ .*ERROR: attempt to use unknown compiler aborted: ([\w._-]+)\n|s p/distccd/ i/broken: compiler $1 doesn't exist/
##############################NEXT PROBE##############################
# Java Remote Method Invocation, version 2, stream protocol
# https://docs.oracle.com/javase/9/docs/specs/rmi/protocol.html
Probe TCP JavaRMI q|\x4a\x52\x4d\x49\0\x02\x4b|
rarity 7
ports 706,999,1030,1035,1090,1098,1099,1100-1103,1129,1199,1234,1440,1981,2199,2809,3273,3333,3900,5520,5521,5580,5999,6060,6789,6996,7700,7800,7801,7878,7890,8050,8051,8085,8091,8205,8303,8642,8686,8701,8888-8890,8901-8903,8999,9001,9003-9005,9050,9090,9099,9300,9500,9711,9809,9810-9815,9875,9910,9991,9999,10001,10098,10099,10162,11001,11099,11333,12000,13013,14000,15000,15001,15200,16000,17200,18980,20000,23791,26256,31099,32913,33000,37718,45230,47001,47002,50050,50500-50504
ports 706,999,1030,1035,1090,1098,1099,1100-1103,1129,1199,1234,1440,1981,2199,2809,3273,3333,3900,5520,5521,5580,5999,6060,6789,6996,7700,7800,7801,7878,7890,8050,8051,8085,8091,8205,8303,8642,8686,8701,8888-8890,8901-8903,8999,9001,9003-9005,9050,9090,9099,9300,9500,9711,9809,9810-9815,9875,9910,9991,9999,10001,10098,10099,10162,10990,11001,11099,11333,12000,13013,14000,15000,15001,15200,16000,17200,18980,20000,23791,26256,31099,32913,33000,37718,45230,47001,47002,50050,50500-50504
match rmiregistry m|^\x4e..[0-9.]+\0\0..$|s p/Java RMI/
match rmiregistry m|^\x4e..([\w._-]+)\0\0..$|s p/GNU Classpath grmiregistry/ h/$1/
# 0x4e = ProtocolAck. 0x4f = ProtocolNotSupported.
# 4th byte begins client host ID, which is usually IP address
match java-rmi m|^\x4e..[0-9a-f:.]+\0\0..$|s p/Java RMI/
# GNU Classpath does reverse-lookup of hostname
match java-rmi m|^\x4e..[\w._-]+\0\0..$|s p/GNU Classpath grmiregistry/
# https://github.com/quine/GoProGTFO
match gopro-json m|^\{"rval": -7, "param_size": 0 \}\0| p/GoPro or similar camera json service/ d/webcam/