IMPORTANT DISCLAIMER
THIS SCRIPT CAN LAND YOU IN SERIOUS TROUBLE. THIS IS FOR RESEARCH AND AUTHORISED PEN TESTING ONLY.
DO NOT DO ILLEGAL SHIT. THIS SCRIPT IS A BASIC EXPLOITATION OF CVE-2021-44228 AND THE METHOD USED IN THIS SCRIPT IS EASILY MITIGATED FOR A REASON.
Log4Me
A tool to automatically obtain a shell using CVE-2021-44228, using marshalsec.
Requires GitPython and thats about it!
Setup
Make sure that python has permission to access the directory that this script is in.
Usage
Just run the script! All prompts are available from within the python shell.
sudo ./Log4Me.py
Thanks
mbechler - This script relies on marshalsec in order to handle the LDAP request sent by log4j. (https://github.com/mbechler/marshalsec)
John Hammond - This script is an automation of the TryHackMe room created by himself. (https://tryhackme.com/room/solar)
The whole Cyber Security community - Working tirelessly to mitigate and patch! Heroes <3
The OG5