christophetd/log4shell-vulnerable-app

JNDIExploit unavailable

oflavioc opened this issue · 3 comments

Hi all, it looks like the exploit located at https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip is not available anymore. The repository does not exist. Any workarounds?

root~$ wget https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip
--2021-12-20 15:16:32-- https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip
Resolving github.com (github.com)... 140.82.114.3
Connecting to github.com (github.com)|140.82.114.3|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2021-12-20 15:16:33 ERROR 404: Not Found.

Okay, I managed to grab a copy of this kit.... really weird story.

I have it as a private repo and I reported it to github...

I originally found this exploit kit posted on this blog for a lab here. This was 12/10
https://www.insecurewi.re/setting-up-a-log4shell-lab-cve-2021-44228/

When I went to https://github.com/feihong-cs/JNDIExploit/ the files were actively being deleted and readme was updated to say "This repository has been lost"

There was an issue with two comments. The conversation went like this
"The malware link keeps going down brother"
"Thats going to happen"

I had to get the release from the commit history and it was literally deleted a few seconds after I downloaded the zip.

I reported all this to github.

Source code: #21 (comment)