Nmap jdwp-inject NSE Script
This page contains detailed information about how to use the jdwp-inject NSE script. For a list of all NSE scripts, visit the Nmap NSE Library.
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/jdwp-inject.nse
Script categories: exploit, intrusive
Target service / protocol: tcp
Target network port(s): any
List of CVEs: -
Script Description
The jdwp-inject.nse script attempts to exploit Java's remote debugging port. When the remote debugging port is left open, it is possible to inject Java bytecode and achieve remote code execution. This script allows injection of arbitrary class files.
After injection, the class's run() method is executed. The run() method takes no parameters and is expected to return a string.
You must specify your own .class file to inject with the filename argument.
See nselib/data/jdwp-class/README for more.
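A defender-side check for the condition described above, as an added example that is not part of the original page or of Nmap: it classifies JVM command lines by how their JDWP agent option binds the debug port. The sample command lines are constructed, and the function and verdict names are this example's own.

```python
import re

# The two JVM spellings of the JDWP agent option; group 1 holds its sub-options.
JDWP_OPT = re.compile(r"-(?:agentlib:jdwp=|Xrunjdwp:)(\S+)")
LOOPBACK = {"localhost", "127.0.0.1"}

def classify_jdwp(cmdline):
    """Return (verdict, detail) describing how one JVM command line exposes JDWP."""
    m = JDWP_OPT.search(cmdline)
    if not m:
        return ("none", "no JDWP agent option")
    opts = dict(kv.split("=", 1) for kv in m.group(1).split(",") if "=" in kv)
    if opts.get("transport") != "dt_socket":
        return ("not-network", "transport is not dt_socket")
    if opts.get("server", "n") != "y":
        return ("outbound", "server=n: the JVM dials out to a debugger, no listener")
    address = opts.get("address", "")
    if not address:
        return ("review", "no address given: the JVM chooses the listen address")
    host = address.rpartition(":")[0]
    if host in LOOPBACK:
        return ("loopback", "listener bound to loopback: " + address)
    if host == "":
        # Port-only address: binds every interface on JDK 8 and earlier,
        # loopback only from JDK 9 onward, so the JDK version decides.
        return ("version-dependent", "port-only address " + address)
    return ("exposed", "listener bound to a non-loopback address: " + address)

# Constructed sample command lines (not taken from any real host).
SAMPLES = [
    "java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -jar app.jar",
    "java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000 -jar legacy.jar",
    "java -agentlib:jdwp=transport=dt_socket,server=y,address=127.0.0.1:5005 -jar app.jar",
    "java -agentlib:jdwp=transport=dt_socket,server=n,address=devbox:5005 -jar app.jar",
    "java -Xmx512m -jar app.jar",
]

def audit(cmdlines):
    """Return (verdict, detail, cmdline) for every line that loads the JDWP agent."""
    findings = []
    for line in cmdlines:
        verdict, detail = classify_jdwp(line)
        if verdict != "none":
            findings.append((verdict, detail, line))
    return findings

if __name__ == "__main__":
    for verdict, detail, line in audit(SAMPLES):
        print(f"{verdict:18} {detail}\n    {line}")
```

On a Linux host, the input to audit() can be the lines printed by `ps -eo args`.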
Jdwp-inject NSE Script Arguments
This is a full list of arguments supported by the jdwp-inject.nse script:
jdwp-inject.filename
Java .class file to inject.
To use this script argument, add it to the Nmap command line as in this example:
nmap --script=jdwp-inject --script-args jdwp-inject.filename=value <target>
Jdwp-inject NSE Script Example Usage
Here's an example of how to use the jdwp-inject.nse script:
nmap -sT <target> -p <port> --script=+jdwp-inject --script-args filename=HelloWorld.class
Jdwp-inject NSE Script Example Output
Here's a sample output from the jdwp-inject.nse script:
PORT STATE SERVICE REASON
2010/tcp open search syn-ack
| jdwp-inject:
|_ Hello world from the remote machine!
Jdwp-inject NSE Script Example XML Output
There is no sample XML output for this module. However, by providing the -oX <file> option, Nmap will produce XML output and save it in the file.xml file.
Author
- Aleksandar Nikolic
References
- https://nmap.org/nsedoc/scripts/jdwp-inject.html
- https://github.com/nmap/nmap/tree/master/scripts/jdwp-inject.nse
The jdwp-inject.nse script may fail with the following error messages. Check for the possible causes by using the code snippets below, which are taken from the script source code. This can often help in identifying the root cause of the problem.
error, %s
Here is a relevant code snippet related to the "error, %s" error message:
action = function(host, port)
  stdnse.sleep(5) -- let the remote socket recover from connect() scan
  local status,socket = jdwp.connect(host,port) -- initialize the connection
  if not status then
    stdnse.debug1("error, %s",socket)
    return nil
  end

  -- read .class file
  local filename = stdnse.get_script_args(SCRIPT_NAME .. '.filename')
This script requires a .class file to inject.
Here is a relevant code snippet related to the "This script requires a .class file to inject." error message:
  end

  -- read .class file
  local filename = stdnse.get_script_args(SCRIPT_NAME .. '.filename')
  if filename == nil then
    return stdnse.format_output(false, "This script requires a .class file to inject.")
  end
  local file = io.open(nmap.fetchfile(filename) or filename, "rb")
  local class_bytes = file:read("a")
  file:close()
Failed to inject class
Here is a relevant code snippet related to the "Failed to inject class" error message:
  -- inject the class
  local injectedClass
  status,injectedClass = jdwp.injectClass(socket,class_bytes)
  if not status then
    stdnse.debug1("Failed to inject class")
    return stdnse.format_output(false, "Failed to inject class")
  end
  -- find injected class method
  local runMethodID = jdwp.findMethod(socket,injectedClass.id,"run",false)
Couldn't find run method.
Here is a relevant code snippet related to the "Couldn't find run method." error message:
  -- find injected class method
  local runMethodID = jdwp.findMethod(socket,injectedClass.id,"run",false)

  if runMethodID == nil then
    stdnse.debug1("Couldn't find run method")
    return stdnse.format_output(false, "Couldn't find run method.")
  end

  -- invoke run method
  local result
  status, result = jdwp.invokeObjectMethod(socket,0,injectedClass.instance,injectedClass.thread,injectedClass.id,runMethodID,0,nil)
Version
This page has been created based on Nmap version 7.92.