JNDI Injection – Starter of Log4Shell
JNDI is short for Java Naming and Directory Interface. It is a common interface for interacting with naming and directory services from applications written in Java. In a nutshell, it's an API.
- Naming Service: DNS, RMI etc.
- Directory Service: LDAP etc.
We can think of JNDI as a hashmap with String keys and Object values representing resources on the web.
What is RMI Registry?
RMI stands for Java Remote Method Invocation. A Java RMI registry is a simplified name service that allows clients to get a reference (a stub) to a remote object.
An RMI setup consists of 3 parts:
- RMI Server: Creates the objects and their methods and registers them in the RMI registry.
- RMI Registry: Holds the registered data. You can think of it as a kind of DB.
- RMI Client: Looks up (fetches) the object by its registered name in the RMI registry, then invokes the method on the RMI server.
For example, let's say we are going to interact with a naming service such as RMI, located at localhost:1099. To access it we can use RMI as the protocol: rmi://localhost:1099
The InitialContext simply stands for the current environment. The context object is constructed with the environment variables.
- bind(String name, Object obj) method binds a name to an object
Then we can simply bind a new object "foo" in the RMI registry:
After binding the object to the RMI registry, we can access its methods and attributes via the lookup method:
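The bind and lookup steps described above, put together as an added example (not code from the original post). It starts an RMI registry in-process on localhost:1099; the `Hello` interface, the `JndiRmiDemo` class and the `lookupByName` name check are assumptions made for the illustration.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.server.UnicastRemoteObject;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

public class JndiRmiDemo {
    // Hypothetical remote interface for this example.
    public interface Hello extends Remote {
        String sayHello() throws RemoteException;
    }

    static class HelloImpl extends UnicastRemoteObject implements Hello {
        HelloImpl() throws RemoteException { super(); }
        public String sayHello() { return "hello from the RMI server"; }
    }

    // Only plain registry names are looked up. A name that carries its own URL
    // scheme (for example "ldap://...") is resolved against that URL instead of
    // PROVIDER_URL, so such input is rejected before it reaches lookup().
    static Object lookupByName(Context ctx, String name) throws NamingException {
        if (!name.matches("[A-Za-z0-9_]{1,64}")) {
            throw new NamingException("rejected lookup name: " + name);
        }
        return ctx.lookup(name);
    }

    public static void main(String[] args) throws Exception {
        LocateRegistry.createRegistry(1099);            // RMI registry, in-process for the demo
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.rmi.registry.RegistryContextFactory");
        env.put(Context.PROVIDER_URL, "rmi://localhost:1099");
        Context ctx = new InitialContext(env);          // context built from the environment
        ctx.bind("foo", new HelloImpl());               // RMI server role: register under "foo"
        Hello stub = (Hello) lookupByName(ctx, "foo");  // RMI client role: fetch the stub
        System.out.println(stub.sayHello());            // invoked on the server object
        try {
            lookupByName(ctx, "ldap://example.invalid/x");  // constructed input, never resolved
        } catch (NamingException e) {
            System.out.println(e.getMessage());
        }
        System.exit(0);  // exported RMI objects keep non-daemon threads alive
    }
}
```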
We can also register new services with their provider URLs, such as LDAP:
JNDI introduces the Naming Reference:
- Reference Address: e.g. "rmi://server/reference_name"
- Remote Factory: Holds the location of a remote factory class used to instantiate the object. Simply put, it holds the memory address of the factory class of an object, so that we can then use this object.
- Factory Class Name: for example Hello for a class which generates objects
- Codebase: Location of the factory class file, /path/to/hello.java