A Journey From JNDI-LDAP Manipulation to Remote Code Execution Dream Land

Explore a comprehensive analysis of JNDI Reference Injection vulnerabilities in this Black Hat conference talk. Delve into the intricacies of Java Naming and Directory Interface (JNDI) and its potential security risks. Learn about the discovery of this new vulnerability type, initially found in malware samples targeting Java Applets. Understand how attackers can exploit JNDI lookups in web applications to execute arbitrary code on servers. Examine the underlying technology, various exploitation techniques, and attack vectors involving RMI, LDAP, and CORBA services. Discover how LDAP manipulation can be used as an alternative attack vector, even when direct influence over lookup addresses is not possible. Gain insights into attack processes, dynamic protocol switching, and specific vector exploitations. Investigate previous research on click-to-play bypasses and deserialization attacks. Explore CORBA vector limitations, bypasses, and deserialization attacks. Dive deep into LDAP vectors, including lookup vs. search operations, object-returning searches, and Java object decoding. Learn about entry poisoning techniques using serialized objects and JNDI references. Analyze various attack scenarios, including entry manipulation and man-in-the-middle tampering. Conclude with valuable recommendations to mitigate these security risks in enterprise applications.