GITBOOK-4273: change request with no subject merged in GitBook

This commit is contained in:
CPol 2024-03-16 12:05:32 +00:00 committed by gitbook-bot
parent a1302164ce
commit 34d9baeb61
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF


@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
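Review bot: the replacement `<img>` line still carries `alt=""` and an empty `<figcaption>`, so the banner has no text alternative; since the line is being edited anyway, give it a short one such as `alt="Try Hard Security Group"`. The path moves from `../.gitbook/assets/` to `../../.gitbook/assets/`, and the diff does not show where the file sits, so confirm that it is two directories below the repository root before merging.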
@ -331,6 +331,11 @@ java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -L 172.17.0.1:1389 -J 172.
_This attack using a custom generated java object will work in labs like the **THM solar room**. However, this wont generally work (as by default Java is not configured to load remote codebase using LDAP) I think because its not abusing a trusted class to execute arbitrary code._
### RCE - JNDI-Injection-Exploit-Plus
[https://github.com/cckuailong/JNDI-Injection-Exploit-Plus](https://github.com/cckuailong/JNDI-Injection-Exploit-Plus) is another tool for generating **workable JNDI links** and provide background services by starting RMI server,LDAP server and HTTP server.\
### RCE - ysoserial & JNDI-Exploit-Kit
This option is really useful to attack **Java versions configured to only trust specified classes and not everyone**. Therefore, **ysoserial** will be used to generate **serializations of trusted classes** that can be used as gadgets to **execute arbitrary code** (_the trusted class abused by ysoserial must be used by the victim java program in order for the exploit to work_).
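Review bot: the new paragraph under `### RCE - JNDI-Injection-Exploit-Plus` ends with a trailing `\`, a forced line break placed directly before the next heading, and it should be dropped. The sentence also needs a grammar pass ("provide" should be "provides", and "RMI server,LDAP server" is missing a space). Unlike the sections around it, the paragraph does not state which Java configuration the tool applies to, although the note just above says remote codebase loading over LDAP is off by default; one sentence stating that condition would keep the section consistent with its neighbours.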
@ -480,7 +485,7 @@ In this [**writeup**](https://intrigus.org/research/2022/07/18/google-ctf-2022-l
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
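Review bot: the Try Hard Security Group banner exists as two hand-maintained copies in this file, which is why the `../../.gitbook/assets/` correction has to be made here and again in the first hunk; keeping the banner in a single shared snippet would stop the copies from drifting when the file moves again. The empty `alt=""` on the `<img>` line applies to this copy too.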