Either the HTTP server did not send the correct ldap request or ldap server did not receive the query.
frankwxu opened this issue · comments
See the screenshot. My observation:
- HTTP did receive the HTTP request and send the correct response
- The LDAP server is running and listening correct port
- But the LDAP did not receive the ldap query
Either the HTTP server did not send the correct ldap request or ldap server did not receive the query.
Anyone can help
Hello,
Currently the only supported version of the vulnerable application is using Docker per the README. Can you give it a try?
docker run --name vulnerable-app --rm -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app@sha256:6f88430688108e512f7405ac3c73d47f5c370780b94182854ea2cddc6bd59929
If you're running the vulnerable application with Docker, your local Java version shouldn't matter. Will try to reproduce
The vulnerable application is running on Docker. However, JNDIExploit.v1.2.jar is running on Kali 21.04 with openJDK 11.0.13 (not JDK1.7 or 1.8) with the command java -jar JNDIExploit-1.2-SNAPSHOT.jar -i 127.0.0.1 -p 8888
Worth a shot to run it with Java 1.7 or 1.8 then!