Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File jdwp-inject

Script types: portrule
Categories: exploit, intrusive
Download: http://nmap.org/svn/scripts/jdwp-inject.nse

User Summary

Attempts to exploit java's remote debugging port. When remote debugging port is left open, it is possible to inject java bytecode and achieve remote code execution. This script allows injection of arbitrary class files.

After injection, class' run() method is executed. Method run() has no parameters, and is expected to return a string.

You must specify your own .class file to inject by filename argument. See nselib/data/jdwp-class/README for more.

Script Arguments

jdwp-inject.filename

Java .class file to inject.

Example Usage

nmap -sT <target> -p <port> --script=+jdwp-inject --script-args filename=HelloWorld.class

Script Output

PORT     STATE SERVICE REASON
2010/tcp open  search  syn-ack
| jdwp-inject:
|_  Hello world from the remote machine!

Requires


Author: Aleksandar Nikolic

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault