This repository has been archived by the owner on Jul 25, 2024. It is now read-only.
jolokia Realm JNDI RCE 利用失败 #13
Comments
|
涉密嘛?能否发给我邮箱[email protected],我看看具体情况原因?这种情况还是第一次遇见 |
|
查明原因了,RegistryContextFactory是rmi协议,但JNDI漏洞利用工具只能是ldap协议。如果使用ldap协议得用LdapCtxFactory,但这个类是不支持自定义端口和引用对象,故报错了。目前只能发现是否存在漏洞,漏洞利用只能手工打了。后期尝试其他方法,感谢! |
|
漏洞如何复现的呢 我打了一遍也打不通 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
jolokia Realm JNDI RCE 利用失败
1、输入目标地址和配置服务器地址,点击连接,验证成功
2、检测利用链失败
3、访问
https://x2.2x0.x4.xx5/actuator/jolokia/list查看存在createJNDIRealm关键词4、查看存在
type=MBeanFactory关键词5、手工设置监听,使用py 打成功
The text was updated successfully, but these errors were encountered: