Giters

NeuronAddict / log4shell-demo

Repository from Github https://github.comNeuronAddict/log4shell-demoRepository from Github https://github.comNeuronAddict/log4shell-demo

https://github.com/mbechler/marshalsec

https://www.veracode.com/blog/research/exploiting-jndi-injections-java https://jmdoudoux.developpez.com/cours/developpons/java/chap-jndi.php https://docs.oracle.com/javase/8//docs/technotes/guides/jndi/jndi-rmi.html https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf

https://logging.apache.org/log4j/2.x/manual/lookups.html#JavaLookup https://www.baeldung.com/java-jndi-comp-env https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/

  • run ldap project
  • run python server to serve MaliciousClass.ser

get older jdk here : https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html

About

Languages

Language:Java 94.0%Language:Dockerfile 6.0%