JNDI-Injection-Exploit 下载/解决相关问题
环境:
- Centos 8
- jdk 1.8
- maven 3.8.8
1、jdk 1.8 安装
jdk 官网:https://www.oracle.com/java/technologies/javase/javase8u211-later-archive-downloads.html
我选择的版本是:jdk-8u391-linux-x64.tar.gz
cd /usr/local/
tar -xvf jdk-8u391-linux-x64.tar.gz
设置环境,在/etc/profile
文件最后写入
# 如果你不知道你的版本,ls 查看文件
export JAVA_HOME=/usr/local/java/jdk1.8.0_391
export JRE_HOME=/usr/local/java/jdk1.8.0_391/jre
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$PATH
使环境变量生效
source /etc/profile
java -version # 如果报错,就检查在 /etc/profile 设置的路径
2、maven 安装
maven 版本要与 jdk 版本对应
cd /usr/local/
wget https://archive.apache.org/dist/maven/maven-3/3.8.8/binaries/apache-maven-3.8.8-bin.tar.gz
tar -xzf apache-maven-3.8.8-bin.tar.gz
设置环境,在/etc/profile
文件最后三行写入
# 注意你的路径
MAVEN_HOME=/usr/local/apache-maven-3.8.8
export MAVEN_HOME
export PATH=${PATH}:${MAVEN_HOME}/bin
使环境变量生效
source /etc/profile
mvn -v # 如果报错,就检查在 /etc/profile 设置的路径
3、JNDI-Injection-Exploit 安装
git clone https://github.com/welk1n/JNDI-Injection-Exploit.git
cd JNDI-Injection-Exploit
mvn clean package -DskipTests # 这里可能会报错,因为配置文件中的中央仓库位置已经更改,下面给出两种解决方法
报错内容如下
原因:Maven 无法从中央仓库 https://repo.maven.apache.org/maven2
下载 maven-clean-plugin-2.5.pom
文件
根本原因:这个中央仓库发生变动,导致文件路径发生改变
[ERROR] Plugin org.apache.maven.plugins:maven-clean-plugin:2.5 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache.maven.plugins:maven-clean-plugin:jar:2.5: Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central (https://repo.maven.apache.org/maven2): transfer failed for https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom: Received fatal alert: protocol_version -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginResolutionException
解决方法
- 手动安装插件(不推荐)
- 更换中央仓库
1)手动安装插件(不推荐)
变动后的中央仓库:https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/
a、去中央仓库下载maven-install-plugin-2.5.jar
b、参数搜索
导入插件,需要自己搜索下列第二、第三个参数
-Dfile=
jar包的路径-DgroupId=
依赖配置项里的groupId
-DartifactId=
依赖配置项里的artifactId
-Dversion=
依赖配置项里的version
-Dpackaging=jar
# 查找相关参数
cat ./apache-maven-3.8.8/conf/settings.xml |grep -E 'groupId|artifactId|version'
c、导入插件
# 根据你自己的情况修改这些参数
mvn install:install-file -Dfile=./maven-install-plugin-2.5.jar -DgroupId=org.myco.myplugins -DartifactId=myplugin -Dversion=2.5 -Dpackaging=jar
# 再次运行
cd JNDI-Injection-Exploit
mvn clean package -DskipTests
如果你碰巧连install
插件都没有,那你还是换个库吧
2)更换中央仓库
下面给出了几个<mirror>
将其写入./apache-maven-3.8.8/conf/settings.xml
文件的<mirrors>
标签中
<mirrors>
...
<mirror>
<id>alimaven</id>
<mirrorOf>central</mirrorOf>
<name>aliyun maven</name>
<url>http://maven.aliyun.com/nexus/content/repositories/central/</url>
</mirror>
<mirror>
<id>alimaven</id>
<name>aliyun maven</name>
<url>http://maven.aliyun.com/nexus/content/groups/public/</url>
<mirrorOf>central</mirrorOf>
</mirror>
<mirror>
<id>central</id>
<name>Maven Repository Switchboard</name>
<url>http://repo1.maven.org/maven2/</url>
<mirrorOf>central</mirrorOf>
</mirror>
<mirror>
<id>repo2</id>
<mirrorOf>central</mirrorOf>
<name>Human Readable Name for this Mirror.</name>
<url>http://repo2.maven.org/maven2/</url>
</mirror>
<mirror>
<id>ibiblio</id>
<mirrorOf>central</mirrorOf>
<name>Human Readable Name for this Mirror.</name>
<url>http://mirrors.ibiblio.org/pub/mirrors/maven2/</url>
</mirror>
<mirror>
<id>jboss-public-repository-group</id>
<mirrorOf>central</mirrorOf>
<name>JBoss Public Repository Group</name>
<url>http://repository.jboss.org/nexus/content/groups/public</url>
</mirror>
<mirror>
<id>google-maven-central</id>
<name>Google Maven Central</name>
<url>https://maven-central.storage.googleapis.com
</url>
<mirrorOf>central</mirrorOf>
</mirror>
<!-- 中央仓库在中国的镜像 -->
<mirror>
<id>maven.net.cn</id>
<name>oneof the central mirrors in china</name>
<url>http://maven.net.cn/content/groups/public/</url>
<mirrorOf>central</mirrorOf>
</mirror>
</mirrors>
换源之后,再次运行
cd JNDI-Injection-Exploit
mvn clean package -DskipTests
成功
参考