Package eu.tneitzel.rmg.internal

Enum RMGOption

  • All Implemented Interfaces:
    eu.tneitzel.argparse4j.global.IOption, Serializable, Comparable<RMGOption>
    public enum RMGOption
extends Enum<RMGOption>
implements eu.tneitzel.argparse4j.global.IOption
    The RMGOption enum is an additional helper class to manage command line parameters. remote-method-guesser uses argparse4j to parse command line arguments. After command line arguments were parsed, each of them is stored within one of the enum items contained within the RMGOption class. This allows other parts of the program to access arguments via static references. This is usually not best practice, as it makes the program behavior dependent on a global state, which is usually not what you want. On the other hand, it has some advantages, as certain problems become easy solvable. As remote-method-guesser is not a library, we go with the non best practice approach and enjoy the benefits of having global argument access.
    Author:
    Tobias Neitzel (@qtc_de)

    • Enum Constant Detail

      • GLOBAL_CONFIG

        public static final RMGOption GLOBAL_CONFIG
        path to a configuration file

      • GLOBAL_VERBOSE

        public static final RMGOption GLOBAL_VERBOSE
        enable verbose output

      • GLOBAL_PLUGIN

        public static final RMGOption GLOBAL_PLUGIN
        file system path to a rmg plugin

      • GLOBAL_NO_COLOR

        public static final RMGOption GLOBAL_NO_COLOR
        disable colored output

      • GLOBAL_STACK_TRACE

        public static final RMGOption GLOBAL_STACK_TRACE
        display stack traces for caught exceptions

      • TARGET_HOST

        public static final RMGOption TARGET_HOST
        target host

      • TARGET_PORT

        public static final RMGOption TARGET_PORT
        target port

      • TARGET_COMPONENT

        public static final RMGOption TARGET_COMPONENT
        target RMI component

      • TARGET_BOUND_NAME

        public static final RMGOption TARGET_BOUND_NAME
        target bound name within an RMI registry

      • TARGET_OBJID

        public static final RMGOption TARGET_OBJID
        target ObjID

      • TARGET_SIGNATURE

        public static final RMGOption TARGET_SIGNATURE
        target method signature

      • CONN_FOLLOW

        public static final RMGOption CONN_FOLLOW
        follow redirects to different servers

      • CONN_SSL

        public static final RMGOption CONN_SSL
        use SSL for connections

      • SCAN_TIMEOUT_READ

        public static final RMGOption SCAN_TIMEOUT_READ
        scan timeout for read operation

      • SCAN_TIMEOUT_CONNECT

        public static final RMGOption SCAN_TIMEOUT_CONNECT
        scan timeout for connect operation

      • SSRF_GOPHER

        public static final RMGOption SSRF_GOPHER
        print SSRF content as gopher payload

      • SSRF

        public static final RMGOption SSRF
        print SSRF payload instead of contacting a server

      • SSRFRESPONSE

        public static final RMGOption SSRFRESPONSE
        evaluate SSRF response from the server

      • SSRF_ENCODE

        public static final RMGOption SSRF_ENCODE
        double URL encode the SSRF payload

      • SSRF_RAW

        public static final RMGOption SSRF_RAW
        print payload without color and without additional text

      • SSRF_STREAM_PROTOCOL

        public static final RMGOption SSRF_STREAM_PROTOCOL
        use the stream protocol instead of single operation

      • BIND_OBJID

        public static final RMGOption BIND_OBJID
        ObjID of the bound object.

      • BIND_ADDRESS

        public static final RMGOption BIND_ADDRESS
        host specifications the bound remote object should point to

      • BIND_BOUND_NAME

        public static final RMGOption BIND_BOUND_NAME
        Bound name to use for (un)bind action

      • BIND_BYPASS

        public static final RMGOption BIND_BYPASS
        attempt localhost bypass (CVE-2019-2684)

      • BIND_GADGET_NAME

        public static final RMGOption BIND_GADGET_NAME
        attempt to bind the specified gadget instead of JMXServer

      • BIND_GADGET_CMD

        public static final RMGOption BIND_GADGET_CMD
        command for a custom gadget

      • CODEBASE_CLASS

        public static final RMGOption CODEBASE_CLASS
        classname to load during codebase attack

      • CODEBASE_URL

        public static final RMGOption CODEBASE_URL
        codebase URL to load the payload from

      • LISTEN_IP

        public static final RMGOption LISTEN_IP
        IP address to start the listener on

      • LISTEN_PORT

        public static final RMGOption LISTEN_PORT
        port number to start the listener on

      • ROGUEJMX_OBJID

        public static final RMGOption ROGUEJMX_OBJID
        ObjID to use for the JMX listener

      • ROGUEJMX_FORWARD_HOST

        public static final RMGOption ROGUEJMX_FORWARD_HOST
        host to forward incoming JMX connections to

      • ROGUEJMX_FORWARD_PORT

        public static final RMGOption ROGUEJMX_FORWARD_PORT
        port to forward incoming JMX connections to

      • ROGUEJMX_FORWARD_BOUND_NAME

        public static final RMGOption ROGUEJMX_FORWARD_BOUND_NAME
        bound name to forward incoming JMX connections to

      • ROGUEJMX_FORWARD_OBJID

        public static final RMGOption ROGUEJMX_FORWARD_OBJID
        ObjID to forward incoming JMX connections to

      • GUESS_WORDLIST_FILE

        public static final RMGOption GUESS_WORDLIST_FILE
        wordlist file to use for method guessing

      • GUESS_WORDLIST_FOLDER

        public static final RMGOption GUESS_WORDLIST_FOLDER
        location of the wordlist folder

      • GUESS_CREATE_SAMPLES

        public static final RMGOption GUESS_CREATE_SAMPLES
        create sample classes for identified methods

      • GUESS_SAMPLE_FOLDER

        public static final RMGOption GUESS_SAMPLE_FOLDER
        folder used for sample generation

      • GUESS_TEMPLATE_FOLDER

        public static final RMGOption GUESS_TEMPLATE_FOLDER
        location of the template folder

      • GUESS_TRUSTED

        public static final RMGOption GUESS_TRUSTED
        disable bound name filtering

      • GUESS_FORCE_GUESSING

        public static final RMGOption GUESS_FORCE_GUESSING
        force guessing on known remote objects

      • GUESS_DUPLICATES

        public static final RMGOption GUESS_DUPLICATES
        guess duplicate remote classes

      • GUESS_UPDATE

        public static final RMGOption GUESS_UPDATE
        update wordlist file with method hashes

      • GUESS_ZERO_ARG

        public static final RMGOption GUESS_ZERO_ARG
        allow guessing on void functions (dangerous)

      • GADGET_NAME

        public static final RMGOption GADGET_NAME
        gadget name to use for the deserialization attack

      • GADGET_CMD

        public static final RMGOption GADGET_CMD
        command to pass for the specified gadget

      • ENUM_BYPASS

        public static final RMGOption ENUM_BYPASS
        attempt localhost bypass during enum

      • ENUM_ACTION

        public static final RMGOption ENUM_ACTION
        scan actions to perform during the enumeration

      • SCAN_HOST

        public static final RMGOption SCAN_HOST
        host to perform the scan on

      • SCAN_PORTS

        public static final RMGOption SCAN_PORTS
        port specifications to perform the portscan on

      • CALL_ARGUMENTS

        public static final RMGOption CALL_ARGUMENTS
        argument string to use for the call

      • OBJID_OBJID

        public static final RMGOption OBJID_OBJID
        ObjID string to parse

      • KNOWN_CLASS

        public static final RMGOption KNOWN_CLASS
        classname to check within the database

      • ACTIVATION

        public static final RMGOption ACTIVATION
        enable activation for ActivatableRef

      • FORCE_ACTIVATION

        public static final RMGOption FORCE_ACTIVATION
        force activation of ActivatableRef

      • ARGUMENT_POS

        public static final RMGOption ARGUMENT_POS
        payload argument position

      • NO_CANARY

        public static final RMGOption NO_CANARY
        do not use a canary during RMI attacks

      • NO_PROGRESS

        public static final RMGOption NO_PROGRESS
        disable progress bars

      • THREADS

        public static final RMGOption THREADS
        maximum number of threads (default: 5)

      • YSO

        public static final RMGOption YSO
        location of ysoserial.jar for deserialization attacks

      • DGC_METHOD

        public static final RMGOption DGC_METHOD
        method to use for dgc operations

      • REG_METHOD

        public static final RMGOption REG_METHOD
        method to use for registry operations

      • SERIAL_VERSION_UID

        public static final RMGOption SERIAL_VERSION_UID
        serialVersionUID to use for RMI stubs

      • PAYLOAD_SERIAL_VERSION_UID

        public static final RMGOption PAYLOAD_SERIAL_VERSION_UID
        serialVersionUID to use for payload classes

      • SOCKET_FACTORY_PLAIN

        public static final RMGOption SOCKET_FACTORY_PLAIN
        enforce plaintext connections from dynamically created socket factories

      • SOCKET_FACTORY_SSL

        public static final RMGOption SOCKET_FACTORY_SSL
        enforce SSL connections from dynamically created socket factories

      • SOCKET_FACTORY

        public static final RMGOption SOCKET_FACTORY
        dynamically create a socket factory class with the specified name

      • SPRING_REMOTING

        public static final RMGOption SPRING_REMOTING
        enforce method calls to be dispatched via spring remoting

      • GENERIC_PRINT

        public static final RMGOption GENERIC_PRINT
        attempt to output the return value using GenericPrint

    • Field Detail

      • value

        public Object value
        the value of the option

    • Method Detail

      • values

        public static RMGOption[] values()
        Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows: 
        for (RMGOption c : RMGOption.values())
    System.out.println(c);
        Returns:
        an array containing the constants of this enum type, in the order they are declared

      • valueOf

        public static RMGOption valueOf​(String name)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        name - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        IllegalArgumentException - if this enum type has no constant with the specified name
        NullPointerException - if the argument is null

      • getValue

        public <T> T getValue()
        Returns the value stored within the option.
        Specified by:
        getValue in interface eu.tneitzel.argparse4j.global.IOption
        Type Parameters:
        T - type of the value
        Returns:
        value stored within the option

      • setValue

        public void setValue​(Object value)
        Sets the option to the specified value.
        Specified by:
        setValue in interface eu.tneitzel.argparse4j.global.IOption
        Parameters:
        value - Object value to set for this option

      • requireTarget

        public static void requireTarget()
        Helper function that calls requireOneOf with target related options. This is used by functions that require a target that could either be an RMI component, a bound name or an ObjID.

      • getArgumentAction

        public eu.tneitzel.argparse4j.inf.ArgumentAction getArgumentAction()
        Specified by:
        getArgumentAction in interface eu.tneitzel.argparse4j.global.IOption

      • getArgumentModifiers

        public eu.tneitzel.argparse4j.global.modifiers.IArgumentModifier[] getArgumentModifiers()
        Specified by:
        getArgumentModifiers in interface eu.tneitzel.argparse4j.global.IOption

      • getDescription

        public String getDescription()
        Specified by:
        getDescription in interface eu.tneitzel.argparse4j.global.IOption

      • getGroup

        public eu.tneitzel.argparse4j.global.IOptionGroup getGroup()
        Specified by:
        getGroup in interface eu.tneitzel.argparse4j.global.IOption

      • getName

        public String getName()
        Specified by:
        getName in interface eu.tneitzel.argparse4j.global.IOption

      • getEnumName

        public String getEnumName()
        Specified by:
        getEnumName in interface eu.tneitzel.argparse4j.global.IOption