80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
java -jar JNDI-Injection-Exploit-Plus-2.4-SNAPSHOT-all.jar -C "http://burpcolob" -D URLDNS
Exception in thread "main" java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:118)
at java.base/java.lang.reflect.Method.invoke(Method.java:580)
at jndi.CommonDeserial.execByDeserialize(CommonDeserial.java:25)
at run.ServerStart.main(ServerStart.java:113)
Caused by: java.lang.UnsupportedOperationException: The Security Manager is deprecated and will be removed in a future release
at java.base/java.lang.System.setSecurityManager(System.java:430)
at common.secmgr.ExecCheckingSecurityManager.callWrapped(ExecCheckingSecurityManager.java:70)
at util.PayloadRunner.run(PayloadRunner.java:19)
at payloads.URLDNS.getBytes(URLDNS.java:63)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
... 3 more
java -version
openjdk version "21.0.2" 2024-01-16
OpenJDK Runtime Environment (build 21.0.2+13-58)
OpenJDK 64-Bit Server VM (build 21.0.2+13-58, mixed mode, sharing)
java -jar JNDI-Injection-Exploit-Plus-2.4-SNAPSHOT-all.jar -C "http://burpcolob" -D URLDNS Exception in thread "main" java.lang.reflect.InvocationTargetException at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:118) at java.base/java.lang.reflect.Method.invoke(Method.java:580) at jndi.CommonDeserial.execByDeserialize(CommonDeserial.java:25) at run.ServerStart.main(ServerStart.java:113) Caused by: java.lang.UnsupportedOperationException: The Security Manager is deprecated and will be removed in a future release at java.base/java.lang.System.setSecurityManager(System.java:430) at common.secmgr.ExecCheckingSecurityManager.callWrapped(ExecCheckingSecurityManager.java:70) at util.PayloadRunner.run(PayloadRunner.java:19) at payloads.URLDNS.getBytes(URLDNS.java:63) at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ... 3 more
java -version openjdk version "21.0.2" 2024-01-16 OpenJDK Runtime Environment (build 21.0.2+13-58) OpenJDK 64-Bit Server VM (build 21.0.2+13-58, mixed mode, sharing)