0x01 简介
log4j-payload-generator是 woodpecker框架 生产log4 jndi注入漏洞payload的插件。目前可以一键生产以下5类payload。
- 原始payload
- {[upper|lower]:x}类型随机混payload
- {[upper|lower]:x}全混淆payload
- {::-n}类型随机混淆payload
- {::-n}类型全混淆payload
Log4j-payload-generator - Log4j jndi injects the Payload generator
Overview
You might also like...
Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...
Log4j CVE-2021-44228 and CVE-2021-45046 Requisites Use a vulnerable JDK, for instance JDK 1.8.0_181 Usage Malicious server The malicious server deploy
Feb 7, 2022
CVE-2021-44228 - Apache log4j RCE quick test
Build ./build.sh Start log4j RCE Server ./start-log4j-rce-server.sh Test Run java -cp log4j-rce-1.0-SNAPSHOT-all.jar log4j Check if you get logs in ha
Feb 1, 2022
Some tools to help mitigating Apache Log4j 2 CVE-2021-44228
JndiLookup Some tool to help analyzing Apache Log4j 2 CVE-2021-44228 This tool uses the "lookup" feature from log4j-2 to test against the JNDI vulnera
Dec 18, 2021
This project will help to test the Log4j CVE-2021-44228 vulnerability.
Log4j-JNDIServer This project will help to test the Log4j CVE-2021-44228/CVE-2021-45046 vulnerabilities. Installation and Building Load the project on
Jun 30, 2022
Spring Boot Log4j - CVE-2021-44228 Docker Lab
Spring Boot Log4j - CVE-2021-44228 The Log4Shell vulnerability (CVE-2021-44228) ultimately is a quite simple JNDI Injection flaw, but in a really real
Jun 10, 2022
Deploys an agent to fix CVE-2021-44228 (Log4j RCE vulnerability) in a running JVM process
-- This repository has been archived -- Further development of this tool will continue at corretto/hotpatch-for-apache-log4j2. Thanks for sharing, com
Dec 23, 2021
Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information
Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof of concept of the log4j rce. Here are some links for the CVE-2021-44228: https://www.lunas
Dec 2, 2022
An agent to hotpatch the log4j RCE from CVE-2021-44228.
Log4jHotPatch This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup() method of all loaded
Dec 13, 2022
A fractal generator
FractalMatic This app is a simple 2d fractal generator that uses JavaFx framework. Fractalmatic has only one type of fractal at the moment, but the pl
Oct 18, 2022
Comments
-
Issues while adding to burp
opened by jakre1234 2java.lang.ClassNotFoundException: burp.BurpExtender at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:471) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:589) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) at java.base/java.lang.Class.forName0(Native Method) at java.base/java.lang.Class.forName(Class.java:398) at burp.ftd.a(Unknown Source) at burp.ftd.
(Unknown Source) at burp.guy.a(Unknown Source) at burp.kp.lambda$panelLoaded$0(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:829)
Releases(0.1.1)
-
0.1.1(Dec 13, 2021)
0x01 功能更新
- 实现5种payload一键生成
0x02 开发环境
- woodpecker-framework 1.3.3
- woodpecker-sdk 0.3.0
Source code(zip)
log4j-payload-generator-0.1.1.jar(7.74 KB)
CVE-2021-2109 && Weblogic Server RCE via JNDI
Description Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected
29 Nov 21, 2022
用于windows反弹shell的yaml-payload
yaml-payload-for-Win 用于windows反弹shell的yaml-payload https://bkfish.gitee.io/2021/06/26/%E8%AE%B0%E4%B8%80%E6%AC%A1%E8%8B%A5%E4%BE%9Dcms%E5%90%8E%E5%8F%
41 Dec 21, 2022
log4j-scanner is a project derived from other members of the open-source community by CISA's Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
Log4j Scanner This repository provides a scanning solution for the log4j Remote Code Execution vulnerabilities (CVE-2021-44228 & CVE-2021-45046). The
1.3k Dec 22, 2022
Oxygen-log4j-patcher - A tool that upgrades the log4j from an Oxygen installation to version 2.16
Oxygen XML Patch Tool for Apache Log4j vulnerability CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 This is a tool that updates the log4j version 2
3 Jan 10, 2022
OpenApi Generator - REST Client Generator
Quarkus - Openapi Generator Welcome to Quarkiverse! Congratulations and thank you for creating a new Quarkus extension project in Quarkiverse! Feel fr
46 Jan 3, 2023
Small example repo for looking into log4j CVE-2021-44228
log4j CVE-2021-44228 Lame useless repo to look into log4j CVE-2021-44228. Setup The repository contains a .idea/ folder which is a IntelliJ IDEA proje
65 Dec 13, 2022
Scan and patch tool for CVE-2021-44228 and related log4j concerns.
A Log4J2 CVE-2021-44228 Vulnerability Scanner and Patcher Links to download the latest version: Linux x64 with glibc2.17+ (RHEL7+) Windows & all other
33 Jun 1, 2022
A singular file to protect as many Minecraft servers and clients as possible from the Log4j exploit (CVE-2021-44228).
MC-Log4J-Patcher The goal of this project is to provide Minecraft players, and server owners, peace of mind in regards to the recently discovered Log4
4 Jan 4, 2022
基于 spring-boot-starter-log4j2:2.6.1 (log4j 2.14.1)
Log4j 2 CVE-2021-44228 测试样本应用 基于 spring-boot-starter-log4j2:2.6.1 (log4j 2.14.1) 可用接口 接口 请求方法 参数 vulnerable_request_get GET v=payload vulnerable_reque
3 Mar 23, 2022
Log4J CVE-2021-44228 Minecraft PoC
CVE-2021-44228 in Minecraft Java 16 Paper server build #397 Minecraft 1.17.1 Exploitation In Java 16 only deserialization attacks work by default usin
5 Feb 15, 2022