Skip to content

JNDI-Exploit is an exploit on Java Naming and Directory Interface (JNDI) from the deleted project fromthe user feihong on GitHub.

License

Notifications You must be signed in to change notification settings

nil-malh/JNDI-Exploit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

JNDI-Exploit

JNDI-Exploit is a fork from the deleted project ftom the user feihong-cs on GitHub.

To learn more about JNDI and what you can do with this exploit please refer to this document :

Usage ?

  • Can be used in the CVE-2021-44228 aka log4shell to achieve RCE (Remote Code Execution). More on that here

  • For more detailed usage of this exploit you can refer to the former Readme.md (Chinesse)

How to run this project ?

As for running this project, two option are possible. First one, run it directly from your IDE (Do not forget to add the arguments.)

Usage: java -jar JNDIExploit.jar [options]
  Options:
  * -i, --ip       Local ip address
    -l, --ldapPort Ldap bind port (default: 1389)
    -p, --httpPort Http bind port (default: 8080)
    -u, --usage    Show usage (default: false)
    -h, --help     Show this help

Dockerfile

Or via Docker using :

git clone https://github.com/nil-malh/JNDI-Exploit.git
cd ./JNDI-Exploit
docker build -t jndiexploit .
docker run -it \
    -p 1389:1389 \
    -e LDAP_PORT=1389 \
    -p 80:80 \
    -e HTTP_PORT=80 \
    jndiexploit

Security Notice

This exploit can be extermely powerful when combined with the log4shell exploit. Use this on your own environment/infrastructure.

If you found an vulnerability in a service you use. Please contact the system admin as soon as possible to patch the issue.

Authors

  • @feihong-cs, his work is truely amazing make sure to check it out.

About

JNDI-Exploit is an exploit on Java Naming and Directory Interface (JNDI) from the deleted project fromthe user feihong on GitHub.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published