Comments (4)
So, I did a little research. This appears to be a deprecated JBOSS JNDI service. I verified this via a local install of an older version of JBOSS (using https://hub.docker.com/r/paulosalgado/jboss5). This was the response I got from the 1099 port:
��srjava.rmi.MarshalledObject|���c�>IhashlocBytest[BobjBytesq~xp4m�ur[B��T�xp*��thttp://server:8083/q~q~uq~ì�sr org.jnp.server.NamingServer_Stubxr�java.rmi.server.RemoteStub���ɋ�e�xrjava.rmi.server.RemoteObject�a��
a3xpw7
UnicastRef2
9f704f1eadebJh��DAx/p$q�uv�1�=�x^C
References:
- https://developer.jboss.org/thread/30629
- https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/jboss-jboss-monitoring/jboss-troubleshooting.html
- https://tekslate.com/jndi-administration-jboss
There wasn't much information, but from what I can find, this JNDI service provides a connection stub for other services. It's a non-JRMP service, not an rmiregistry, and I'm not sure if it's even an interactive service, so unfortunately RMIScout won't be able to help you with this endpoint. I believe it's targeted at JMX remote management and that 18083
port above may be a more interesting service.
There is some guidance on connecting to/attacking JMX services here:
- https://developer.jboss.org/docs/DOC-17485
- https://mogwailabs.de/en/blog/2019/04/attacking-rmi-based-jmx-services/
Best of luck! :)
(Closing the ticket, as this particular service returns a JNDI stub and is not an RMI service.)
from rmiscout.
Hey @b4cktr4ck2,
Happy to help out! Could you try running java -jar rmiscout-1.4-SNAPSHOT-all.jar list <IP> <PORT>
? RMIScout automatically bypasses cert validation, but that error could occur if there is unrecognized protocol (e.g., non-RMI). As the error message indicated, it's possible the remote service uses IIOP (usually runs on port 1050). You will need to run RMIScout with JRE 8 to use the IIOP feature.
If the above command, doesn't help. Try nmap --script rmi-dumpregistry <IP> -p <PORT> -Pn
, which is the nmap equivalent.
Let me know what you find!
Jake
from rmiscout.
Hey Jake- sure thing! I ran the command you recommended and got the following message from rmiscout:
Server is offline or does not use RMI, RMI-SSL, or RMI-IIOP.
What's interesting is that the nmap script doesn't return any data either- the only way I can get data from this port is from the "Fingerprint-Strings" script, which returns:
PORT STATE SERVICE REASON VERSION
11099/tcp open java-object syn-ack Java Object Serialization
| fingerprint-strings:
| NULL:
| java.rmi.MarshalledObject|
| hash[
| locBytest
| objBytesq
| %http://HOSTNAME.LOCAL:18083/q
| org.jnp.server.NamingServer_Stub
| java.rmi.server.RemoteStub
| java.rmi.server.RemoteObject
| xpwB
| UnicastRef2
Additionally, I noticed that when attempting to curl the host on port 11099, I receive an error message stating something about an sslv3 invalid handshake...I know my OpenSSL version was built without SSLV3 support- is it possible that this is the issue? The server doesn't support TLSv1.0 or anything newer than SSLv3.
Cheers!
from rmiscout.
Thanks for the insight Jake!
from rmiscout.
Related Issues (16)
- demo does not work
- java.lang.ClassNotFoundException: com.sun.corba.se.spi.logging.LogWrapperBase HOT 3
- RMI services generated by Spring Framework's RmiInvocationHandler?
- [ERROR] RMI Activation Server detected. Re-run with --activation-server
- Is RMIConnector process logic get mistake?
- Errors when trying out the demo
- Dockerfile does not work HOT 1
- No workey
- Gradle build fails on ysoserial dependency
- Build the project manually HOT 2
- javassist.CannotCompileException HOT 8
- Detect Objects Exposed via javax.rmi.ssl.SslRMIClientSocketFactory HOT 2
- [ERROR] Dummy parameter names are required for method signature (e.g., -s 'boolean login(java.lang.String a, java.lang.String b)') HOT 2
- javassist.CannotCompileException: [source error] syntax error near " android.os.IBinder " HOT 1
- Error in openjdk version "11.0.7-ea" 2020-04-14 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rmiscout.