A minimalistic LDAP server meant for testing vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.

jndi-ldap-test-server


How to test vulnerability to CVE-2021-44228

  1. Download the test server binary for your platform (you can find all binaries under Releases).

  2. Run the test server on an IP address that the application you want to test can reach. It is easiest to run the server on the same host as your app (localhost).

  3. Find any untrusted, externally provided input that your application receives and logs.

  4. Force your app to log a string that includes:

    ${jndi:ldap://localhost:1389/Test}
    

    Please replace localhost with your own server's IP or domain name if you're not running the test server locally.

    For instance, if you are running an HTTP server which is logging the User-Agent HTTP header, you can test for vulnerability by calling this cURL command while the test server is running:

    curl my-host -H 'User-Agent: ${jndi:ldap://test-server-host:1389/Test}'

  5. If your application is vulnerable, you should see an incoming connection on the test server, and the injected string will be replaced by the text !!! VULNERABLE !!! in your logs. If your application is not vulnerable, the injected string should not be substituted and the test server should not receive any connection.
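
The outcome described in step 5 can be read from the application's own log file. The script below is an added example, not part of jndi-ldap-test-server; the verdict names and the log layout of the sample lines are assumptions, and the third verdict covers the case where the probe was never logged at all.

```shell
#!/bin/sh
# Added example (not part of jndi-ldap-test-server): read the verdict of
# step 5 from the application's own log file.
MARKER='!!! VULNERABLE !!!'      # text the page says replaces the lookup
LITERAL='${jndi:ldap://'         # prefix of the probe string from step 4

# classify_log FILE
# prints one of: vulnerable | not-substituted | inconclusive | unreadable
classify_log() {
    if [ ! -r "$1" ]; then
        echo unreadable
    elif grep -F -q -e "$MARKER" "$1"; then
        # The lookup was resolved against the test server at least once.
        echo vulnerable
    elif grep -F -q -e "$LITERAL" "$1"; then
        # The probe was logged verbatim, so no substitution took place.
        echo not-substituted
    else
        # Neither form appears: the probe never reached this log, so the
        # test says nothing about the application either way.
        echo inconclusive
    fi
}

# Constructed sample logs (assumed access-log layout), one per outcome.
make_sample_logs() {
    printf '%s\n' 'INFO GET / ua=!!! VULNERABLE !!!' > "$1/vulnerable.log"
    printf '%s\n' 'INFO GET / ua=${jndi:ldap://localhost:1389/Test}' > "$1/patched.log"
    printf '%s\n' 'INFO GET / status=200' > "$1/unlogged.log"
}

# Usage: sh check-log.sh /path/to/app.log [more logs...]
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(classify_log "$f")"
done
```

Point it at a log that starts after the test request, so a marker left over from an earlier run is not counted. An `inconclusive` verdict means the chosen input is not logged and another input from step 3 should be tried.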


Comments
  • How to use `--dynamic-payloads`?

    $ ./jndi-ldap-test-server -d '/bin/ls'
    Incorrect Usage. invalid value "/bin/ls" for flag -d: allowed values are string

    What are good values for the dynamic-payloads setting?

    opened by QuentinN42
Owner
Rakuten Group, Inc.