JNDI-Exploit

JNDI-Exploit is a fork from the deleted project ftom the user feihong-cs on GitHub.

To learn more about JNDI and what you can do with this exploit please refer to this document :

Usage ?

• Can be used in the CVE-2021-44228 aka log4shell to achieve RCE (Remote Code Execution). More on that here

• For more detailed usage of this exploit you can refer to the former Readme.md (Chinesse)

How to run this project ?

As for running this project, two option are possible. First one, run it directly from your IDE (Do not forget to add the arguments.)

Usage: java -jar JNDIExploit.jar [options]
  Options:
  * -i, --ip       Local ip address
    -l, --ldapPort Ldap bind port (default: 1389)
    -p, --httpPort Http bind port (default: 8080)
    -u, --usage    Show usage (default: false)
    -h, --help     Show this help

Dockerfile

Or via Docker using :

git clone https://github.com/nil-malh/JNDI-Exploit.git
cd ./JNDI-Exploit
docker build -t jndiexploit .
docker run -it \
    -p 1389:1389 \
    -e LDAP_PORT=1389 \
    -p 80:80 \
    -e HTTP_PORT=80 \
    jndiexploit

Security Notice

This exploit can be extermely powerful when combined with the log4shell exploit. Use this on your own environment/infrastructure.

If you found an vulnerability in a service you use. Please contact the system admin as soon as possible to patch the issue.

Authors

• @feihong-cs, his work is truely amazing make sure to check it out.

• Huge thanks to la-ferro for convincing me to publish this ❤️ . More is to come :)