T2-24-02-S-N-CL
JNDI Injection RCE (CVE-2023-25194)
JNDI Injection RCE (CVE-2023-25194) is a vulnerability in which the Java Naming and Directory Interface (JNDI) is abused to achieve Remote Code Execution (RCE). The flaw allows attackers to inject malicious JNDI URLs into an application, causing it to fetch and execute malicious objects from a remote server. It typically arises from vulnerable code that trusts user input when performing JNDI lookups, which lets attackers gain full control over the system. Mitigation includes strict validation of JNDI input and applying the relevant security patches.
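The strict input validation named above, as an added Python example that is not part of the original page or the dataset's run.py: an allowlist check to apply before a JNDI lookup, plus a scanner that reports where a parsed request body embeds a remote JNDI URL. The function names, the `java:comp/env/` allowlist prefix and the sample body are assumptions constructed for illustration.

```python
import re

# Assumption: the application only needs local names under java:comp/env/.
ALLOWED_PREFIX = "java:comp/env/"
# URL schemes handled by the JDK's standard remote JNDI providers.
_REMOTE_URL_RE = re.compile(r"\b(ldap|ldaps|rmi|dns|iiop)://", re.IGNORECASE)
_SAFE_NAME_RE = re.compile(r"[A-Za-z0-9_./-]+")

# Constructed sample of a parsed JSON request body (documentation addresses).
SAMPLE = {
    "name": "java:comp/env/jdbc/appDS",
    "properties": {"directory.url": "LDAP://192.0.2.10:1389/obj"},
    "tags": ["ok", "see rmi://192.0.2.11/x"],
}


def is_allowed_lookup_name(name):
    """Allowlist check to run before any JNDI lookup on external input."""
    if not isinstance(name, str) or not name.startswith(ALLOWED_PREFIX):
        return False
    rest = name[len(ALLOWED_PREFIX):]
    # Reject empty names, odd characters and path traversal out of the prefix.
    return bool(_SAFE_NAME_RE.fullmatch(rest)) and ".." not in rest


def find_jndi_urls(value, path="$"):
    """Walk nested dicts/lists and return (path, scheme) for every string
    value that embeds a remote JNDI URL, matched case-insensitively."""
    hits = []
    if isinstance(value, dict):
        for key, child in value.items():
            hits += find_jndi_urls(child, f"{path}.{key}")
    elif isinstance(value, list):
        for i, child in enumerate(value):
            hits += find_jndi_urls(child, f"{path}[{i}]")
    elif isinstance(value, str):
        for match in _REMOTE_URL_RE.finditer(value):
            hits.append((path, match.group(1).lower()))
    return hits


if __name__ == "__main__":
    for hit_path, scheme in find_jndi_urls(SAMPLE):
        print(f"reject request: {scheme} URL at {hit_path}")
```

The allowlist is the control; the scanner is a secondary check for fields that should never carry a directory URL at all.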
| | OS | IP | Software | Log collection time | Program runtime |
|---|---|---|---|---|---|
| Attacker | Ubuntu 22.04 | 172.17.0.1 | - | 30 sec | 40 sec |
| Victim | Ubuntu 22.04 | 172.17.0.2 | Apache Druid 25.0.0 | | |
Installing
python3 -m pip install -r requirements.txt
Using
sudo docker load -i T2-24-02-S-N-CL.tar
python3 run.py
MITRE ATT&CK Framework
Attack Tactic
Reconnaissance
Resource Development
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential
Discovery
Lateral Movement
Collection
Command and Control
Exfiltration
Impact
Logs
./log/2024_02_T2_{time}.pcap # YYmmdd_HHMMSS
Copyright(C) 2024, KAIST Cyber Security Research Center. All Rights Reserved.