Nmap NSE Category vulns Script：rmi-vuln-classloader 測試Java rmiregistry是否允許類別加載

• 指令類型：portrule

• 類別：intrusive, vuln

• 下載：https://svn.nmap.org/nmap/scripts/rmi-vuln-classloader.nse

Nmap Script摘要

測試 Java rmiregistry 是否允許類別加載。rmiregistry 的默認配置允許從遠程 URL 加載類別，這可能導致遠程代碼執行。供應商（Oracle/Sun）將此分類為設計特性。

此檢測基於 mihi 的原始 Metasploit 模組。。

參考資料：

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/java_rmi_server.rb

Nmap Script參數

vulns.short, vulns.showall

查看vulns庫的文檔。

Nmap Script範例

nmap --script=rmi-vuln-classloader -p 1099 <target>

Nmap Script輸出

PORT     STATE SERVICE
1099/tcp open  rmiregistry
| rmi-vuln-classloader:
|   VULNERABLE:
|   RMI registry default configuration remote code execution vulnerability
|     State: VULNERABLE
|     Description:
|               Default configuration of RMI registry allows loading classes from remote URLs which can lead to remote code executeion.
|
|     References:
|_      https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/java_rmi_server.rb

Nmap Script作者:

Aleksandar Nikolic

License: Same as Nmap--See https://nmap.org/book/man-legal.html

延伸閱讀

• 網路概念

• 技術文章

• 經驗分享

• 軟體介紹

• Nmap（持續更新Script中文翻譯）