JNDI-Exploit is a fork from the deleted project ftom the user feihong-cs on GitHub.
To learn more about JNDI and what you can do with this exploit please refer to this document :
-
Can be used in the CVE-2021-44228 aka log4shell to achieve RCE (Remote Code Execution). More on that here
-
For more detailed usage of this exploit you can refer to the former Readme.md (Chinesse)
As for running this project, two option are possible. First one, run it directly from your IDE (Do not forget to add the arguments.)
Usage: java -jar JNDIExploit.jar [options]
Options:
* -i, --ip Local ip address
-l, --ldapPort Ldap bind port (default: 1389)
-p, --httpPort Http bind port (default: 8080)
-u, --usage Show usage (default: false)
-h, --help Show this help
Or via Docker using :
git clone https://github.com/nil-malh/JNDI-Exploit.git
cd ./JNDI-Exploit
docker build -t jndiexploit .
docker run -it \
-p 1389:1389 \
-e LDAP_PORT=1389 \
-p 80:80 \
-e HTTP_PORT=80 \
jndiexploit
This exploit can be extermely powerful when combined with the log4shell exploit. Use this on your own environment/infrastructure.
If you found an vulnerability in a service you use. Please contact the system admin as soon as possible to patch the issue.
- @feihong-cs, his work is truely amazing make sure to check it out.