search

qtc-de / remote-method-guesser

Java RMI Vulnerability Scanner
GNU General Public License v3.0
828 stars 106 forks source link

Getting error #49

Closed santoshinresideo closed 1 year ago

santoshinresideo commented 1 year ago

java -jar rmg-4.4.0-jar-with-dependencies.jar enum 10.x.x.x 11333

[-] Caught unexpected java.lang.reflect.InaccessibleObjectException during lookup call. [-] Please report this to improve rmg :) [-] StackTrace: java.lang.reflect.InaccessibleObjectException: Unable to make protected final java.lang.Class java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain) throws java.lang.ClassFormatError accessible: module java.base does not "opens java.lang" to unnamed module @4015e7ec at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354) at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297) at java.base/java.lang.reflect.Method.checkCanSetAccessible(Method.java:199) at java.base/java.lang.reflect.Method.setAccessible(Method.java:193) at javassist.util.proxy.SecurityActions.setAccessible(SecurityActions.java:159) at javassist.util.proxy.DefineClassHelper$JavaOther.defineClass(DefineClassHelper.java:213) at javassist.util.proxy.DefineClassHelper$Java11.defineClass(DefineClassHelper.java:52) at javassist.util.proxy.DefineClassHelper.toClass(DefineClassHelper.java:260) at javassist.ClassPool.toClass(ClassPool.java:1240) at javassist.ClassPool.toClass(ClassPool.java:1098) at javassist.ClassPool.toClass(ClassPool.java:1056) at javassist.CtClass.toClass(CtClass.java:1298) at de.qtc.rmg.utils.RMGUtils.makeInterface(RMGUtils.java:109) at de.qtc.rmg.utils.RMGUtils.makeLegacyStub(RMGUtils.java:140) at de.qtc.rmg.internal.CodebaseCollector.loadClass(CodebaseCollector.java:97) at java.rmi/java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:265) at java.rmi/sun.rmi.server.MarshalInputStream.resolveClass(MarshalInputStream.java:199) at java.base/java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2034) at java.base/java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1898) at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2224) at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1733) at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:509) at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:467) at java.rmi/sun.rmi.registry.RegistryImpl_Stub.lookup(RegistryImpl_Stub.java:127) at de.qtc.rmg.networking.RMIRegistryEndpoint.lookup(RMIRegistryEndpoint.java:165) at de.qtc.rmg.networking.RMIRegistryEndpoint.lookup(RMIRegistryEndpoint.java:145) at de.qtc.rmg.operations.Dispatcher.obtainBoundObjects(Dispatcher.java:101) at de.qtc.rmg.operations.Dispatcher.dispatchEnum(Dispatcher.java:498) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at de.qtc.rmg.operations.Operation.invoke(Operation.java:331) at de.qtc.rmg.Starter.main(Starter.java:26) [-] Cannot continue from here.

qtc-de commented 1 year ago

Hi @santoshinresideo :wave:

should be fixed in v4.4.1. Thanks for reporting :+1:

Best Tobias