ldapjndi

package
v1.17.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 8, 2024 License: Apache-2.0 Imports: 11 Imported by: 1

Documentation

Overview

This is an implementation of an evil JNDI LDAP server. The server accepts connections and returned a malicious serialized object in response to a search. Serialization is obviously native to Java. To work around this, we pre-serialized some gadgets that use Nashorn as their sink. The desired command is inserted into the pre-compiled gadget (and padded if needed). Not perfect, but not half bad, I think. Inspiration from:

* https://github.com/veracode-research/rogue-jndi * https://github.com/For-ACGN/Log4Shell * https://github.com/zzwlpx/JNDIExploit

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateLDAPServer

func CreateLDAPServer(name string) *ldap.Server

func SetLDAPGadget

func SetLDAPGadget(gadget GadgetName, binary string, lhost string, lport int, command string)

func SetLDAPHTTPClass

func SetLDAPHTTPClass(gadget GadgetName, lhost string, lport int, httpHost string, httpPort int)

Types

type GadgetName

type GadgetName int

mapping of available pre-serialized gadgets.

const (
	// org.apache.naming.factory.BeanFactory + javax.el.ELProcessor#eval (windows + Linux).
	TomcatNashornReverseShell GadgetName = 0
	// org.apache.naming.factory.BeanFactory + javax.el.ELProcessor#eval (linux only).
	TomcatGenericBash GadgetName = 1
	GroovyGenericBash GadgetName = 2
	// org.apache.naming.factory.BeanFactory.
	BeanUtils194GenericBash GadgetName = 3
	// load class via an HTTP server.
	HTTPReverseShell GadgetName = 4
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL