POC details: ba8c7a068f37097fe0b92b0bb650d62743d5dd22

Source
Related vulnerability
Title: Apache Log4j code issue vulnerability (CVE-2021-44228)
Description: Apache Log4j is a Java-based open-source logging tool from the Apache Foundation (USA). Apache Log4j contains a code issue vulnerability: an attacker can craft a data request and send it to a server that uses Apache Log4j; when that request is written to the log, remote code execution is triggered.
Description
Identifies all log4j components across all Windows servers in an entire domain; can be multi-domain. CVE-2021-44228
Introduction
# Get-log4j-Windows.ps1

Identifies all log4j components across all Windows servers in an entire domain; can be multi-domain. CVE-2021-44228

Will scale to 1,000+ Windows servers, 250+ servers at a time. 1k servers took about 1 1/2 hours.

[Apache log4j](https://logging.apache.org/log4j/2.x/)

[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228)

Single Server Version:

[Single Server Version](https://github.com/KeysAU/Get-log4j-Windows-local/blob/main/Get-log4j-Windows-local.ps1)

# Script Running:

![image](https://user-images.githubusercontent.com/38932932/146176040-d29e4c1f-fea1-4a6c-af3e-95cba2de1352.png)

# Export:

![image](https://user-images.githubusercontent.com/38932932/146176682-d8e6ea01-4668-428e-963f-080d9c1c3214.png)

# Description:
    Made for CVE-2021-44228.
    Searches AD for all Computer objects matching a filter (made for Windows servers).
    Invokes PowerShell on each remote server from a central server.
    Sets up the working directory C:\Temp\log4j on the remote servers and copies over 7zip.exe.
    Recursively scans all drives for .jar containers.
    Extracts every .jar with 7-zip.exe to C:\temp\log4j\Extracted.
    Gets the version number of the log4j module found.
    Dynamically creates a central CSV of where each embedded log4j module was located.
    Captures failed PS jobs and closes stuck jobs after 25 min.
    Will scale to 1,000+ servers, 250 servers at a time; 1k servers took about 1 1/2 hours.

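The inventory step of the description (recursive .jar scan, log4j version lookup, CSV output) on a single host, as an added PowerShell example that is not the project's Get-log4j-Windows.ps1: instead of extracting with 7-Zip it reads each jar as a zip archive through .NET's System.IO.Compression, takes the version from the Maven pom.properties bundled in log4j-core, and records whether JndiLookup.class is present. The function name Get-Log4jInventory and the $OutputCsv path are assumptions.

```powershell
# Added example (not the project's Get-log4j-Windows.ps1): inventory log4j-core
# jars on the local host by reading each jar as a zip archive instead of
# extracting it with 7-Zip. The function name and $OutputCsv path are assumptions.
function Get-Log4jInventory {
    param([string]$OutputCsv = 'C:\Temp\log4j\log4j-inventory.csv')
    Add-Type -AssemblyName System.IO.Compression.FileSystem
    $pomPath  = 'META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties'
    $jndiPath = 'org/apache/logging/log4j/core/lookup/JndiLookup.class'

    # Fixed local drives only (DriveType 3); the scanner recurses every drive.
    $roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' |
             ForEach-Object { $_.DeviceID + '\' }

    $results = foreach ($root in $roots) {
        Get-ChildItem -Path $root -Filter '*.jar' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $jar = $_.FullName
            try {
                $zip = [System.IO.Compression.ZipFile]::OpenRead($jar)
                try {
                    # pom.properties carries the Maven version; JndiLookup.class is the
                    # class the CVE-2021-44228 mitigation removes (match shaded paths too).
                    $pom  = $zip.Entries | Where-Object { $_.FullName -eq $pomPath }
                    $jndi = $zip.Entries | Where-Object { $_.FullName -like "*$jndiPath" }
                    if (-not $pom -and -not $jndi) { return }   # not a log4j-core jar
                    $version = 'unknown'
                    if ($pom) {
                        $reader = New-Object System.IO.StreamReader($pom.Open())
                        $text = $reader.ReadToEnd(); $reader.Dispose()
                        if ($text -match '(?m)^version=(.+)$') { $version = $Matches[1].Trim() }
                    }
                    [pscustomobject]@{
                        ComputerName  = $env:COMPUTERNAME
                        JarPath       = $jar
                        Log4jVersion  = $version
                        HasJndiLookup = [bool]$jndi
                    }
                } finally { $zip.Dispose() }
            } catch {
                # Corrupt or locked archive: record it rather than skipping silently.
                [pscustomobject]@{ ComputerName = $env:COMPUTERNAME; JarPath = $jar
                                   Log4jVersion = 'unreadable'; HasJndiLookup = $false }
            }
        }
    }
    New-Item -ItemType Directory -Path (Split-Path $OutputCsv) -Force | Out-Null
    $results | Export-Csv -Path $OutputCsv -NoTypeInformation
    return $results
}
```

For the fan-out use the README describes, the same function can be shipped to a remote server over WinRM with Invoke-Command -ComputerName <server> -ScriptBlock ${function:Get-Log4jInventory} once it is defined locally.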
# Created for:
    Identifying all log4j components across all Windows servers in an entire domain; can be multi-domain. CVE-2021-44228

# Dependencies:
    You must install 7-zip.exe in C:\support\tools\7-zip on the command-and-control server (32-bit build suggested).
    PowerShell 5.0+.
    Uses Windows Remote Management (WinRM) to connect.
    Must run as a domain admin or with equivalent permissions to scan all drives.
    Needs ping (ICMP) access through firewalls.

# Change Log:
    15-Dec-2021  - Change Notes: Initial version

# Notes:
    You need to modify --replaceme
    You need to update the info for your domain(s). See line 64.
    You need to uncomment line 36 for the first run.

# Licence:
    Open-sourced software licensed under the MIT license.

# Author:
    Keith Waterman

# Date:
    15-Dec-2021
File snapshot

[4.0K] /data/pocs/ba8c7a068f37097fe0b92b0bb650d62743d5dd22
├── [ 44K] Get-log4j-Windows.ps1
├── [1.0K] LICENSE
└── [2.4K] README.md
0 directories, 3 files