关联漏洞
描述
Vulnerable web application to test CVE-2021-44228 / log4shell and forensic artifacts from an example attack
介绍
# SnapAttack Log4j / CVE-2021-44228 / log4shell Resources
## What's included?
### Damn Vulnerable Log4j App
[damn-vulnerable-log4j-app](damn-vulnerable-log4j-app) contains a basic vulnerable Java Servlet that logs the User Agent, HTTP GET and POST parameters with log4j. It is packaged as a .war file and can be deployed to servers like Tomcat. See the [README](damn-vulnerable-log4j-app/README.md) for more information.
<img src="dvlog4ja.png" width="450px" />
### Attack Artifacts
[attack-artifacts](attack-artifacts) contains example EDR, system, and application logs, as well as a PCAP and Zeek logs from an attack against a Windows victim machine. You can see the attack in our video at https://www.youtube.com/watch?v=X7cLgDoX6KU. In the future, content like this will be freely available in the community edition of SnapAttack. If you're interested, you can [request an invite](https://www.snapattack.com/request/invite).
## License
All resources in this repository are provided under the [MIT License](LICENSE).
文件快照
[4.0K] /data/pocs/6604a25a0ef58934112751c772efe77afe7623be
├── [386K] artifacts.jpg
├── [4.0K] attack-artifacts
│ ├── [4.0K] attacker
│ │ └── [ 13M] kali.mp4
│ ├── [174K] overview.jpg
│ ├── [1.3K] README.md
│ └── [4.0K] victim
│ ├── [4.0K] logs
│ │ ├── [ 68K] Application.evtx
│ │ ├── [ 15M] Microsoft-Windows-PowerShell%4Operational.evtx
│ │ ├── [8.1M] Microsoft-Windows-Sysmon%4Operational.evtx
│ │ ├── [2.1M] Security.evtx
│ │ ├── [ 68K] System.evtx
│ │ ├── [4.0K] tomcat_webserver
│ │ │ ├── [8.0K] localhost_access_log.2021-12-16.txt
│ │ │ └── [ 16K] log4j.log
│ │ ├── [1.1M] Windows PowerShell.evtx
│ │ └── [4.0K] zeek
│ │ ├── [ 29K] Win10Victim-438ccedb_conn.log
│ │ ├── [4.7K] Win10Victim-438ccedb_dns.log
│ │ ├── [ 17K] Win10Victim-438ccedb_files.log
│ │ ├── [ 12K] Win10Victim-438ccedb_http.log
│ │ ├── [ 90] Win10Victim-438ccedb_packet_filter.log
│ │ ├── [2.5K] Win10Victim-438ccedb_ssl.log
│ │ ├── [ 14K] Win10Victim-438ccedb_weird.log
│ │ └── [ 16K] Win10Victim-438ccedb_x509.log
│ ├── [ 26K] process_list.csv
│ ├── [ 53K] process_list.json
│ ├── [5.2K] systeminfo.txt
│ ├── [9.2M] Win10Victim.mp4
│ └── [4.4M] Win10Victim.pcapng
├── [4.0K] damn-vulnerable-log4j-app
│ ├── [4.0K] damn-vulnerable-log4j-app-java17
│ │ ├── [1.3K] nb-configuration.xml
│ │ ├── [4.4K] pom.xml
│ │ └── [4.0K] src
│ │ └── [4.0K] main
│ │ ├── [4.0K] java
│ │ │ └── [4.0K] com
│ │ │ └── [4.0K] snapattack
│ │ │ └── [4.0K] dvlog4ja
│ │ │ ├── [ 240] App.java
│ │ │ └── [1.1K] RestAPI.java
│ │ ├── [4.0K] resources
│ │ │ └── [4.0K] META-INF
│ │ │ └── [ 425] persistence.xml
│ │ └── [4.0K] webapp
│ │ ├── [ 710] index.html
│ │ ├── [4.0K] META-INF
│ │ │ └── [ 57] context.xml
│ │ └── [4.0K] WEB-INF
│ │ ├── [ 308] beans.xml
│ │ ├── [4.0K] classes
│ │ │ └── [ 669] log4j2.xml
│ │ └── [ 401] web.xml
│ ├── [4.0K] damn-vulnerable-log4j-app-java8
│ │ ├── [1.9K] nb-configuration.xml
│ │ ├── [3.0K] pom.xml
│ │ └── [4.0K] src
│ │ └── [4.0K] main
│ │ ├── [4.0K] java
│ │ │ └── [4.0K] com
│ │ │ └── [4.0K] snapattack
│ │ │ └── [4.0K] dvlog4ja
│ │ │ ├── [ 236] App.java
│ │ │ └── [1.1K] RestAPI.java
│ │ ├── [4.0K] resources
│ │ │ └── [4.0K] META-INF
│ │ │ └── [ 425] persistence.xml
│ │ └── [4.0K] webapp
│ │ ├── [ 710] index.html
│ │ ├── [4.0K] META-INF
│ │ │ └── [ 58] context.xml
│ │ └── [4.0K] WEB-INF
│ │ ├── [ 308] beans.xml
│ │ ├── [4.0K] classes
│ │ │ └── [ 669] log4j2.xml
│ │ └── [ 883] web.xml
│ └── [5.2K] README.md
├── [112K] dvlog4ja.png
├── [1.0K] LICENSE
└── [1.0K] README.md
33 directories, 49 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。