welk1n / jndi-injection-exploit
JNDI injection testing tool (a tool that generates JNDI links and can start several servers to exploit JNDI injection vulnerabilities, such as Jackson, Fastjson, etc.)
License: MIT License
Hi guys, I don't find the way to run this server like in the command you provide?
Thank you
I have tweaked the code to use the new Groovy payload given by orange last month.
However, in my use case, I don't have a direct initialContext.lookup available. What I have is the path below -
However, right now it's failing at line 104 in http://cr.openjdk.java.net/~mduigou/7072353/3/webrev/src/share/classes/com/sun/jndi/rmi/registry/RegistryContextFactory.java.html#104
As the object sent back from the EVIL RMI server is not an instance of Context?
Any suggestions if this can still be exploited?
javax.naming.NotContextException: rmi://54.x.x.x:1099/ngiawf
at com.sun.jndi.rmi.registry.RegistryContextFactory.URLToContext(RegistryContextFactory.java:107) ~[?:1.8.0_222]
at com.sun.jndi.rmi.registry.RegistryContextFactory.getInitialContext(RegistryContextFactory.java:69) ~[?:1.8.0_222]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[?:1.8.0_222]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[?:1.8.0_222]
at javax.naming.InitialContext.init(InitialContext.java:244) ~[?:1.8.0_222]
at javax.naming.InitialContext.<init>(InitialContext.java:216) ~[?:1.8.0_222]
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) ~[?:1.8.0_222]
I have tried to combine the execbyGroovy code from JNDI-Injection-Bypass to JNDI-Injection-Exploit.
I'm getting the following error when launching the exploit:
java.lang.IllegalArgumentException: Can not set javax.naming.Reference field com.sun.jndi.rmi.registry.ReferenceWrapper.wrappee to com.sun.jndi.rmi.registry.ReferenceWrapper
2020-04-28 12:18:17 [RMISERVER] >> Sending local classloading reference.
java.lang.IllegalArgumentException: Can not set javax.naming.Reference field com.sun.jndi.rmi.registry.ReferenceWrapper.wrappee to com.sun.jndi.rmi.registry.ReferenceWrapper
at sun.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167)
at sun.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171)
at sun.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81)
at java.lang.reflect.Field.set(Field.java:764)
at util.Reflections.setFieldValue(Reflections.java:34)
at jndi.RMIRefServer.handleRMI(RMIRefServer.java:353)
at jndi.RMIRefServer.doCall(RMIRefServer.java:304)
at jndi.RMIRefServer.doMessage(RMIRefServer.java:250)
at jndi.RMIRefServer.run(RMIRefServer.java:195)
at java.lang.Thread.run(Thread.java:748)
I'm using Reflections.setFieldValue(rw, "wrappee", execByGroovy());
using the same one as for execByEL, is this right?
@welk1n any suggestions?
After downloading the source and compiling it following method two, I tried the local demo command and got the following error:
Exception in thread "main" java.net.BindException: Address already in use (Bind failed)
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:513)
at java.net.ServerSocket.bind(ServerSocket.java:375)
at java.net.ServerSocket.<init>(ServerSocket.java:237)
at java.net.ServerSocket.<init>(ServerSocket.java:128)
at javax.net.DefaultServerSocketFactory.createServerSocket(ServerSocketFactory.java:218)
at jndi.RMIRefServer.<init>(RMIRefServer.java:81)
at run.ServerStart.<init>(ServerStart.java:142)
at run.ServerStart.main(ServerStart.java:83)
Hi @welk1n ,
I can see that you have a malicious RMI server option when trustURLcodebase is set to false and java version is 1.8.191+
I was wondering if we can do the same thing via an LDAP Server as well.
Thanks
Hello,
Nothing seems to execute while referencing the above printout msg from your log4j exploit. Any reason why open http://google.com is not working?