Ermir – An Evil Java RMI Registry
Ermir is an Evil/Rogue RMI Registry, it
public String[] list(): list() asks the registry for all the bound objects names, while String type cannot be subsitued with a malicious gadget as it is not like any ordinary object and it is not read using readObject() but rather readUTF(), however as list() returns String[] which is an actual object and it is read using
public void bind(java.lang.String $param_String_1, java.rmi.Remote $param_Remote_2): bind() binds an object to a name on the registry, in bind() case the return type is void and there is nothing being returned, however if the registry specifies in the RMI return data packet that this return is an execptional return, the client/server client will call
public void rebind(java.lang.String $param_String_1, java.rmi.Remote $param_Remote_2): rebind() replaces the binding of the passed name with the supplied remote reference, also returns void, Ermir returns an exception just like bind().
public void unbind(java.lang.String $param_String_1): unbind() unbinds a remote object by name in the RMI registry, this one also returns void.
PoC
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/hakivvi/ermir. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.
License
The gem is available as open source under the terms of the MIT License.
Code of Conduct
Everyone interacting in the Ermir project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.
