24 lines
628 B
YAML
24 lines
628 B
YAML
|
id: java-rmi-detect
|
||
|
|
||
|
info:
|
||
|
name: Java RMI Protocol Detection
|
||
|
author: F1tz
|
||
|
severity: info
|
||
|
tags: network,rmi,java
|
||
|
description: |
|
||
|
A security vulnerability in the Remote Method Invocation component of the Java Runtime Environment allows unauthenticated network attacks which can result in unauthorized operating system takeover including arbitrary code execution.
|
||
|
|
||
|
network:
|
||
|
- inputs:
|
||
|
- data: "{{hex_decode('4a524d4900024b')}}"
|
||
|
|
||
|
host:
|
||
|
- "{{Hostname}}"
|
||
|
read-size: 1024
|
||
|
|
||
|
matchers:
|
||
|
- type: regex
|
||
|
part: raw
|
||
|
regex:
|
||
|
- "^N\\x00\\x0e(\\d{1,3}\\.){3}\\d{1,3}\\x00\\x00"
|