JNDI-Injection-Exploit 下载/解决相关问题

环境:

  • Centos 8
  • jdk 1.8
  • maven 3.8.8



1、jdk 1.8 安装

jdk 官网:https://www.oracle.com/java/technologies/javase/javase8u211-later-archive-downloads.html

我选择的版本是:jdk-8u391-linux-x64.tar.gz

cd /usr/local/
tar -xvf jdk-8u391-linux-x64.tar.gz

设置环境,在/etc/profile文件最后写入

# 如果你不知道你的版本,ls 查看文件
export JAVA_HOME=/usr/local/java/jdk1.8.0_391	
export JRE_HOME=/usr/local/java/jdk1.8.0_391/jre
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$PATH

使环境变量生效

source /etc/profile
java -version	# 如果报错,就检查在 /etc/profile 设置的路径



2、maven 安装

maven 版本要与 jdk 版本对应

cd /usr/local/
wget https://archive.apache.org/dist/maven/maven-3/3.8.8/binaries/apache-maven-3.8.8-bin.tar.gz
tar -xzf apache-maven-3.8.8-bin.tar.gz 

设置环境,在/etc/profile文件最后三行写入

# 注意你的路径
MAVEN_HOME=/usr/local/apache-maven-3.8.8
export MAVEN_HOME
export PATH=${PATH}:${MAVEN_HOME}/bin

使环境变量生效

source /etc/profile
mvn -v	# 如果报错,就检查在 /etc/profile 设置的路径



3、JNDI-Injection-Exploit 安装

git clone https://github.com/welk1n/JNDI-Injection-Exploit.git
cd JNDI-Injection-Exploit
mvn clean package -DskipTests	# 这里可能会报错,因为配置文件中的中央仓库位置已经更改,下面给出两种解决方法

报错内容如下

原因:Maven 无法从中央仓库 https://repo.maven.apache.org/maven2 下载 maven-clean-plugin-2.5.pom 文件

根本原因:这个中央仓库发生变动,导致文件路径发生改变

[ERROR] Plugin org.apache.maven.plugins:maven-clean-plugin:2.5 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache.maven.plugins:maven-clean-plugin:jar:2.5: Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central (https://repo.maven.apache.org/maven2): transfer failed for https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom: Received fatal alert: protocol_version -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginResolutionException

解决方法

  • 手动安装插件(不推荐)
  • 更换中央仓库

1)手动安装插件(不推荐)

变动后的中央仓库:https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/

a、去中央仓库下载maven-install-plugin-2.5.jar

b、参数搜索

导入插件,需要自己搜索下列第二、第三个参数

  • -Dfile=jar包的路径
  • -DgroupId=依赖配置项里的 groupId
  • -DartifactId=依赖配置项里的 artifactId
  • -Dversion=依赖配置项里的 version
  • -Dpackaging=jar
# 查找相关参数
cat ./apache-maven-3.8.8/conf/settings.xml |grep -E 'groupId|artifactId|version'

c、导入插件

# 根据你自己的情况修改这些参数
mvn install:install-file -Dfile=./maven-install-plugin-2.5.jar -DgroupId=org.myco.myplugins -DartifactId=myplugin -Dversion=2.5 -Dpackaging=jar
# 再次运行
cd JNDI-Injection-Exploit
mvn clean package -DskipTests

如果你碰巧连install插件都没有,那你还是换个库吧

2)更换中央仓库

下面给出了几个<mirror>将其写入./apache-maven-3.8.8/conf/settings.xml文件的<mirrors>标签中

<mirrors>
    ...
		<mirror>
            <id>alimaven</id>
            <mirrorOf>central</mirrorOf>
            <name>aliyun maven</name>
            <url>http://maven.aliyun.com/nexus/content/repositories/central/</url>
        </mirror>
        <mirror>
            <id>alimaven</id>
            <name>aliyun maven</name>
            <url>http://maven.aliyun.com/nexus/content/groups/public/</url>
            <mirrorOf>central</mirrorOf>
        </mirror>
        <mirror>
            <id>central</id>
            <name>Maven Repository Switchboard</name>
            <url>http://repo1.maven.org/maven2/</url>
            <mirrorOf>central</mirrorOf>
        </mirror>
        <mirror>
            <id>repo2</id>
            <mirrorOf>central</mirrorOf>
            <name>Human Readable Name for this Mirror.</name>
            <url>http://repo2.maven.org/maven2/</url>
        </mirror>
        <mirror>
            <id>ibiblio</id>
            <mirrorOf>central</mirrorOf>
            <name>Human Readable Name for this Mirror.</name>
            <url>http://mirrors.ibiblio.org/pub/mirrors/maven2/</url>
        </mirror>
        <mirror>
            <id>jboss-public-repository-group</id>
            <mirrorOf>central</mirrorOf>
            <name>JBoss Public Repository Group</name>
            <url>http://repository.jboss.org/nexus/content/groups/public</url>
        </mirror>
        <mirror>
            <id>google-maven-central</id>
            <name>Google Maven Central</name>
            <url>https://maven-central.storage.googleapis.com
            </url>
            <mirrorOf>central</mirrorOf>
        </mirror>
        <!-- 中央仓库在中国的镜像 -->
        <mirror>
            <id>maven.net.cn</id>
            <name>oneof the central mirrors in china</name>
            <url>http://maven.net.cn/content/groups/public/</url>
            <mirrorOf>central</mirrorOf>
        </mirror>
</mirrors>

换源之后,再次运行

cd JNDI-Injection-Exploit
mvn clean package -DskipTests

成功

参考

posted @ 2024-04-21 21:28  kazie  阅读(250)  评论(0编辑  收藏  举报