window.
© 2020 Caendra Inc. | WAPTXv2
22
• Delete any source code you see inside EvilRMIServer.java and copy-paste the source code of
the malicious RMI Server above.
• Finally, go to Run and click Run ‘EvilRMIServer’
• Inside
IntelliJ
IDEA,
go
to
File,
Open
and
navigate
to
/home/developer/IdeaProjects/HelloWorld. Then, click
OK and open the project in a new
window.
• Change the SDK to 1.8.0_241
• Finally, point the application to the EvilRMIServer (simulating a JNDI injection), go to Run
and click Run ‘HelloWorld’
Inside the
/tmp directory a
file named rce should now exist!
“
© 2020 Caendra Inc. | WAPTXv2
Do'stlaringiz bilan baham: