Closed executionByFork closed 3 years ago
Hi @executionByFork,
Happy to help!
The warnings are happening because RMIScout dependencies require JRE 8 (e.g., CORBA and ysoserial) so functionality is limited on newer JREs. For more details, see the troubleshooting section: https://github.com/BishopFox/rmiscout#troubleshooting
I've seen a few false positives for RMI from nmap (e.g., JNDI services). Would you mind sharing the results of the nmap rmi-dumpregistry script?
nmap --script rmi-dumpregistry <host> -p <port> -Pn
Thank you!
Jake
Hm, it seems the nmap script returns no output when used on that host and port (besides port info). The nmap script does return output when used on another host, which has RMI over the typical port 1099. So, I think this may actually be a false positive RMI finding from nmap.
Just to clarify, this nmap script always returns information when the service on the given port is RMI, right? So if no information is returned from the script, it can be assumed that the service is not RMI? Or are there instances you are aware of in which this script will return no output for an actual RMI port?
Yes, my guess is that it is likely a false positive RMI finding from NMAP. It's possible there may be a string literal "RMI" in the server response that is causing a false positive.
It's possible that it's a proprietary protocol and does not use JRMP/IIOP. Here was a previous instance of such a finding: https://github.com/BishopFox/rmiscout/issues/9#issuecomment-752239382
I hope that helps!
Jake
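An added example, not part of this thread and not RMIScout code: a way to check whether a port that nmap labels as RMI actually answers the JRMP handshake, rather than merely returning a banner containing the string "RMI". The function names and both sample replies are constructed for illustration, and the check covers JRMP only, so a negative result does not rule out RMI-IIOP or a proprietary protocol.

```python
import socket
import struct

# JRMP stream-protocol header per the Java RMI wire protocol:
# magic "JRMI", version 2, protocol byte 0x4b (StreamProtocol).
JRMP_HELLO = b"JRMI" + struct.pack(">H", 2) + b"\x4b"
PROTOCOL_ACK = 0x4E
PROTOCOL_NOT_SUPPORTED = 0x4F


def classify_jrmp_reply(data: bytes) -> dict:
    """Decide whether the first bytes a server sent back are a JRMP reply."""
    if not data:
        return {"jrmp": False, "reason": "no reply to JRMP header"}
    if data[0] == PROTOCOL_NOT_SUPPORTED:
        return {"jrmp": True, "reason": "JRMP endpoint, stream protocol refused"}
    if data[0] != PROTOCOL_ACK:
        return {"jrmp": False, "reason": f"unexpected first byte 0x{data[0]:02x}"}
    # ProtocolAck is followed by the endpoint the server sees for the client:
    # 2-byte length, host string, 4-byte port (all big-endian).
    if len(data) < 3:
        return {"jrmp": False, "reason": "truncated ack"}
    (host_len,) = struct.unpack(">H", data[1:3])
    end = 3 + host_len + 4
    if len(data) < end:
        return {"jrmp": False, "reason": "truncated endpoint identifier"}
    host = data[3:3 + host_len].decode("utf-8", "replace")
    (port,) = struct.unpack(">I", data[3 + host_len:end])
    if port > 65535:
        return {"jrmp": False, "reason": "endpoint port out of range"}
    return {"jrmp": True, "reason": "ProtocolAck", "seen_host": host, "seen_port": port}


def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Send the JRMP header to host:port and classify whatever comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(JRMP_HELLO)
            return classify_jrmp_reply(sock.recv(512))
    except OSError as exc:
        return {"jrmp": False, "reason": f"socket error: {exc}"}


# Constructed sample replies (not captured from any real host).
SAMPLE_ACK = b"\x4e" + struct.pack(">H", 9) + b"192.0.2.7" + struct.pack(">I", 51234)
SAMPLE_BANNER = b"HTTP/1.1 400 Bad Request\r\nServer: RMI-Gateway\r\n\r\n"
```

Calling `probe(host, port)` against a host you are authorized to test returns the same dictionary shape as `classify_jrmp_reply` does for the embedded samples.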
Bug: ClassNotFoundException always printed
It seems any time that the rmiscout jar is run, the above stack trace about LogWrapperBase is printed. It seems as if the jar is working fine other than printing the error, but this is also the first time I am attempting to use it so I'm not sure if any functionality is affected.
I do have a server with an RMI port open according to nmap
However when running java -jar rmiscout-1.4-SNAPSHOT-all.jar list TARGET_IP 41428, the tool reports the following:
Because of the exception, and the fact that nmap reports the port as an RMI service, I am worried that rmiscout is not working properly.
This jar file was directly downloaded from the repository releases page, v1.4 specifically. https://github.com/BishopFox/rmiscout/releases/tag/v1.4
Java version:
I am running Kali Linux if that matters for some reason.