Java Remote Method Invocation Protocol - Detect
ID: java-rmi-detect
Severity: info
Author: F1tz
Tags: network,rmi,java,detect,detection,tcp
Description
Section titled “Description”Java Remote Method Invocation protocol is susceptible to information disclosure. It allows for unauthenticated network attacks, which can result in unauthorized operating system takeover including arbitrary code execution.
YAML Source
Section titled “YAML Source”id: java-rmi-detect
info: name: Java Remote Method Invocation Protocol - Detect author: F1tz severity: info description: | Java Remote Method Invocation protocol is susceptible to information disclosure. It allows for unauthenticated network attacks, which can result in unauthorized operating system takeover including arbitrary code execution. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0 cwe-id: CWE-200 metadata: max-request: 1 tags: network,rmi,java,detect,detection,tcptcp: - inputs: - data: "{{hex_decode('4a524d4900024b')}}" host: - "{{Hostname}}" read-size: 1024 matchers: - type: regex part: raw regex: - "^N\\x00\\x0e(\\d{1,3}\\.){3}\\d{1,3}\\x00\\x00"# digest: 4a0a00473045022016516e71dc6d49881fa2479bde5356c5bab6e6935831dfffe273dceddb99399a022100d4213650f610445f73f4526c67eed0ebacbc2d1e7d999ae17cbd28939cf9e4df:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "network/detection/java-rmi-detect.yaml"