Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File jdwp-exec

Script types: portrule
Categories: exploit, intrusive
Download: http://nmap.org/svn/scripts/jdwp-exec.nse

User Summary

Attempts to exploit java's remote debugging port. When remote debugging port is left open, it is possible to inject java bytecode and achieve remote code execution. This script abuses this to inject and execute a Java class file that executes the supplied shell command and returns its output.

The script injects the JDWPSystemInfo class from nselib/jdwp-class/ and executes its run() method which accepts a shell command as its argument.

Script Arguments

jdwp-exec.cmd

Command to execute on the remote system.

Example Usage

nmap -sT <target> -p <port> --script=+jdwp-exec --script-args cmd="date"

Script Output

PORT     STATE SERVICE REASON
2010/tcp open  search  syn-ack
| jdwp-exec:
|   date output:
|   Sat Aug 11 15:27:21 Central European Daylight Time 2012
|_

Requires


Author: Aleksandar Nikolic

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]