Package eu.tneitzel.rmg.operations

Class Dispatcher

  • public class Dispatcher
extends Object
    The dispatcher class contains all method definitions for the different rmg actions. It obtains a reference to the ArgumentParser object and extracts all required arguments parameters for the corresponding method calls. Methods within the Dispatcher class can be annotated with the Parameters annotation to specify additional requirements on their expected arguments. Refer to the eu.tneitzel.rmg.annotations.Parameters class for more details. To add a new operation to rmg, the operation must first be registered within the eu.tneitzel.rmg.operations.Operation class. A new Operation needs to be created there that references the corresponding method within this class.
    Author:
    Tobias Neitzel (@qtc_de)

    • Constructor Detail

      • Dispatcher

        public Dispatcher​(ArgumentHandler p)
        Creates the dispatcher object.
        Parameters:
        p - ArgumentParser object that contains the current command line specifications

    • Method Detail

      • getRMIEndpoint

        public RMIEndpoint getRMIEndpoint()
        Creates an RMIEndpoint object from the target host and port specified on the command line. Additionally initializes the method candidate attribute if a method signature was specified.
        Returns:
        RMIEndpoint to the host:port configuration specified on the command line

      • dispatchListen

        public void dispatchListen()
        Dispatches the listen action. Basically just a handover to ysoserial.

      • dispatchSerial

        public void dispatchSerial()
        Performs deserialization attacks on default RMI components (RMI registry, DGC, Activator). The targeted component needs to be specified within the --signature option.

      • dispatchCall

        public void dispatchCall()
        Performs the genericCall operation on a RemoteObjectClient object. Used for legitimate RMI calls on user registered RMI objects. Targets can be specified by bound name or ObjID.

      • dispatchCodebase

        public void dispatchCodebase()
        Performs a codebase attack. The actual target is determined by the value of the --signature option. If the signature is a real method signature, a target needs to be specified by bound name or ObjID. Otherwise, the --signature is expected to be one of act, dgc or reg.

      • dispatchBind

        public void dispatchBind()
        Performs the bind operation on the RegistryClient object. Binds the user specified gadget to the targeted registry.

      • dispatchRebind

        public void dispatchRebind()
        Performs the rebind operation on the RegistryClient object. Binds the user specified gadget to the targeted registry.

      • dispatchUnbind

        public void dispatchUnbind()
        Performs the unbind operation on the RegistryClient object. Removes a bound name from the targeted registry endpoint.

      • dispatchEnum

        public void dispatchEnum()
        Performs rmg's enumeration action. During this action, several different vulnerability types are enumerated.

      • dispatchGuess

        public void dispatchGuess()
        Performs a method guessing attack. During this operation, the specified wordlist files are parsed for valid method definitions and each method is invoked on the targeted RMI endpoint. Currently, this operation is only supported on registry endpoints and cannot be performed using the --objid option.

      • dispatchKnown

        public void dispatchKnown()
        Is called when using remote-method-guesser's 'known' action. Actually requires only a single argument that is the class name to lookup within the database of KnownEndpoints. However, due to the argument parsing logic of remote-method-guesser, you need to specify the host and port arguments as well.

      • dispatchPortScan

        public void dispatchPortScan()
        Performs a primitive portscan for RMI services. Targeted ports are usually obtained from the configuration file, but can also be supplied by the user.

      • dispatchObjID

        public void dispatchObjID()
        Prints detailed information on the user specified ObjID.

      • dispatchRogueJMX

        public void dispatchRogueJMX()
        Creates a rogue JMX server. The target specification which normally identifies the remote endpoint is used to identify where the rogue JMX server should listen. An additional endpoint specification can be made using host:port syntax to forward jmx connections to.