christophetd / log4shell-vulnerable-app

Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).

Either the HTTP server did not send the correct LDAP request or the LDAP server did not receive the query.

frankwxu opened this issue

See the screenshot. My observation:

  1. HTTP did receive the HTTP request and sent the correct response
  2. The LDAP server is running and listening on the correct port
  3. But the LDAP server did not receive the LDAP query

Either the HTTP server did not send the correct LDAP request or the LDAP server did not receive the query.

Can anyone help?

image

Hello,

Currently the only supported version of the vulnerable application is using Docker per the README. Can you give it a try?

docker run --name vulnerable-app --rm -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app@sha256:6f88430688108e512f7405ac3c73d47f5c370780b94182854ea2cddc6bd59929

Thank you. I did use the exact command by following the README. See screenshot. Any suggestions?

image

The problem could be the version of Java. My Java version in Linux is OpenJDK 11.0.13. It may block the JNDI request, but I am not sure. Any suggestions?

image

If you're running the vulnerable application with Docker, your local Java version shouldn't matter. Will try to reproduce.

The vulnerable application is running on Docker. However, JNDIExploit.v1.2.jar is running on Kali 21.04 with openJDK 11.0.13 (not JDK1.7 or 1.8) with the command java -jar JNDIExploit-1.2-SNAPSHOT.jar -i 127.0.0.1 -p 8888

Worth a shot to run it with Java 1.7 or 1.8 then!

I ran JNDIExploit on a Windows server. Now it received the command but threw an error message.

image

I used an incorrect JDK version. I downloaded JDK 1.8_202 and it is working. Thanks.

image