JNDI-Exploit
JNDI-Exploit is a fork from the deleted project ftom the user feihong-cs on GitHub.
To learn more about JNDI and what you can do with this exploit please refer to this document :
Usage ?
-
Can be used in the CVE-2021-44228 aka log4shell to achieve RCE (Remote Code Execution). More on that here
-
For more detailed usage of this exploit you can refer to the former Readme.md (Chinesse)
How to run this project ?
As for running this project, two option are possible. First one, run it directly from your IDE (Do not forget to add the arguments.)
Usage: java -jar JNDIExploit.jar [options]
Options:
* -i, --ip Local ip address
-l, --ldapPort Ldap bind port (default: 1389)
-p, --httpPort Http bind port (default: 8080)
-u, --usage Show usage (default: false)
-h, --help Show this help
Dockerfile
Or via Docker using :
git clone https://github.com/nil-malh/JNDI-Exploit.git
cd ./JNDI-Exploit
docker build -t jndiexploit .
docker run -it \
-p 1389:1389 \
-e LDAP_PORT=1389 \
-p 80:80 \
-e HTTP_PORT=80 \
jndiexploit
Security Notice
This exploit can be extermely powerful when combined with the log4shell exploit. Use this on your own environment/infrastructure.
If you found an vulnerability in a service you use. Please contact the system admin as soon as possible to patch the issue.
Authors
-
@feihong-cs, his work is truely amazing make sure to check it out.
-
Huge thanks to la-ferro for convincing me to publish this
❤️ . More is to come :)