Library rmi

Library for communicating over RMI (JRMP + Java serialization)

This is an incomplete RMI implementation for Lua. It can invoke remote methods and parse simple return values, essentially the Java primitives. It can be used to, for example, dump the registry or authenticate against JMX services.

This library also contains some classes which work much like the Java classes BufferedReader, BufferedWriter, DataOutputStream and DataInputStream.

Most of the methods in the RmiDataStream class are based on the OpenJDK RMI implementation, and I have kept the method names as they are in Java, so it should not be too hard to find the corresponding functionality in the JDK code base to see how things 'should' be done, in case there are bugs or someone wants to make additions. I have only implemented the things that were needed to get things working, but it should be fairly simple to add more functionality by lifting over more from the JDK.

The interesting classes in OpenJDK are java.io.ObjectStreamConstants, java.io.ObjectStreamClass, java.io.ObjectInputStream, sun.rmi.transport.StreamRemoteCall and a few more.

If you want to add calls to classes you know of, you can use e.g. Jode to decompile the stub class or skeleton class and find out the details needed to perform an RMI method invocation. Those are:

  • the class hash code
  • the method number (each method gets a number)
  • the arguments

You also need the object id (so the remote server knows which instance you are talking to). That can be fetched from the registry (afaik), but this is not currently implemented. Some object ids are static: the registry is always 0.

Author:

  • Martin Holst Swende

Copyright © Same as Nmap--See https://nmap.org/book/man-legal.html

Source: https://svn.nmap.org/nmap/nselib/rmi.lua

Functions

bufferSize (self)

canRead (self, count)

This method blocks until the specified number of bytes have been read from the socket and are available to the caller, e.g. via the unpack function.

peekByte (self)

Tries to read a byte, without consuming it.

peekUnpack (self, format)

This function works just like string.unpack (in fact, it is merely a wrapper around it). However, it uses the data already read into the buffer and the internal position. This method does not update the current position, so the data can be read again.

readObject0 (dis)

Deserializes a serialized java object

Registry:list ()

List the named objects in the remote RMI registry

Registry:lookup (name)

Perform a lookup on an object in the Registry, takes the name which is bound in the registry as argument

RmiDataStream:connect (host, port)

Connects to a remote service. The connection process creates a socket and performs the JRMP handshake. If the handshake succeeds, the remote end is an RMI service.

RmiDataStream:invoke (objNum, hash, op, arguments)

Invokes a method over RMI

RmiDataStream:readReturnData (dis)

Reads an RMI ReturnData packet

skip (self, len)

Skips a number of bytes

UnicastRef (dis)

UnicastRef2 (dis)

unpack (self, format)

This function works just like string.unpack (in fact, it is merely a wrapper around it). However, it uses the data already read into the buffer and the internal position.

Functions

bufferSize (self)

Parameters

self

Return value:

Returns the number of bytes already available for reading

canRead (self, count)

This method blocks until the specified number of bytes have been read from the socket and are available to the caller, e.g. via the unpack function.

Parameters

self
count
the number of bytes that must be available before the call returns

peekByte (self)

Tries to read a byte, without consuming it.

Parameters

self

Return values:

  1. status
  2. bytevalue

peekUnpack (self, format)

This function works just like string.unpack (in fact, it is merely a wrapper around it). However, it uses the data already read into the buffer and the internal position. This method does not update the current position, so the data can be read again.

Parameters

self
format

Return value:

the unpacked value (NOT the index)

readObject0 (dis)

Deserializes a serialized Java object

Parameters

dis

Registry:list ()

List the named objects in the remote RMI registry

Return values:

  1. status
  2. a table of strings, or an error message

Registry:lookup (name)

Perform a lookup on an object in the Registry; takes the name which is bound in the registry as argument

Parameters

name
the name bound in the registry

Return values:

  1. status
  2. JavaClass object
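The registry dump mentioned in the description, together with the object id / class hash / operation number triple that the stub-decompilation paragraph says a raw invocation needs, as an added example written for this page (it is not code from rmi.lua or from any Nmap script). rmi.Registry:new(host, port), rmi.RmiDataStream:new(), a (status, err) return from connect() and a getClassName() method on the JavaClass object that lookup() returns are assumptions not documented on this page. The registry's object id 0 is stated above; the interface hash 4905912898345647071 and the operation numbers (0 bind, 1 list, 2 lookup, 3 rebind, 4 unbind) are the constants of the JDK's RegistryImpl_Stub.

```lua
-- Added example for this page, not code from rmi.lua or an Nmap script.
-- Assumed (not documented on the page): rmi.Registry:new(host, port),
-- rmi.RmiDataStream:new(), connect() returning (status, err) and a
-- getClassName() method on the JavaClass object that lookup() returns.
local rmi = require "rmi"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Lists the names bound in a Java RMI registry and resolves each of them.
]]
categories = {"discovery", "safe"}

-- 1099 is the default port of rmiregistry
portrule = shortport.port_or_service(1099, "rmiregistry")

-- High-level path: the Registry class documented above does the
-- handshake, the list()/lookup() calls and the return-value parsing.
local function dump_registry(host, port)
  local registry = rmi.Registry:new(host, port)   -- assumed constructor

  -- Registry:list() -> status, table of strings (or an error message)
  local status, names = registry:list()
  if not status then
    return false, names
  end

  local output = {}
  for _, name in ipairs(names) do
    -- Registry:lookup(name) -> status, JavaClass object (or error message)
    local ok, obj = registry:lookup(name)
    if ok then
      -- getClassName() is assumed to exist on the JavaClass object
      table.insert(output, ("%s: %s"):format(name, obj:getClassName()))
    else
      table.insert(output, ("%s: lookup failed (%s)"):format(name, tostring(obj)))
    end
  end
  return true, output
end

-- Low-level path: the same list() call issued through RmiDataStream:invoke
-- with the three values the page says an invocation needs. The constants
-- are those of the JDK's RegistryImpl_Stub: registry object id 0,
-- interfaceHash 4905912898345647071, operation number 1 for list()
-- (0 bind, 1 list, 2 lookup, 3 rebind, 4 unbind). list() takes no
-- arguments, so the optional Arguments table is left out.
local function raw_registry_list(host, port)
  local stream = rmi.RmiDataStream:new()         -- assumed constructor
  local status, err = stream:connect(host, port) -- assumed (status, err)
  if not status then
    return false, err
  end
  -- invoke(objNum, hash, op, arguments) -> status, JavaClass instance
  return stream:invoke(0, 4905912898345647071, 1)
end

action = function(host, port)
  local status, result = dump_registry(host, port)
  if not status then
    return stdnse.format_output(false, result)
  end
  return stdnse.format_output(true, result)
end
```

raw_registry_list is the same request that Registry:list() issues, spelled out with the raw identifiers; it is the shape a call takes once you have pulled the hash and method number for some other service out of its decompiled stub, with an Arguments table passed as the fourth parameter when the method takes parameters.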
RmiDataStream:connect (host, port)

Connects to a remote service. The connection process creates a socket and performs the JRMP handshake. If the handshake succeeds, the remote end is an RMI service.

Parameters

host
port

RmiDataStream:invoke (objNum, hash, op, arguments)

Invokes a method over RMI

Parameters

objNum
the object id (target of the call)
hash
the hash code of the class that is invoked
op
the operation number (method) invoked
arguments
optional, if the method needs arguments. Should be an Arguments table, or something else with a getData() function that returns the binary data

Return values:

  1. status
  2. a JavaClass instance

RmiDataStream:readReturnData (dis)

Reads an RMI ReturnData packet

Parameters

dis
a JavaDIS input stream

skip (self, len)

Skips a number of bytes

Parameters

self
len
the number of bytes to skip

UnicastRef (dis)

Parameters

dis

UnicastRef2 (dis)

Parameters

dis

unpack (self, format)

This function works just like string.unpack (in fact, it is merely a wrapper around it). However, it uses the data already read into the buffer and the internal position.

Parameters

self
format

Return value:

the unpacked value (NOT the index)