Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-44228 PoC — Apache Log4j 代码问题漏洞

Source
https://github.com/KeysAU/Get-log4j-Windows.ps1
Associated Vulnerability
Title:Apache Log4j 代码问题漏洞 (CVE-2021-44228)
Description:Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。
Description
Identifying all log4j components across all windows servers, entire domain, can be multi domain. CVE-2021-44228
Readme
# Get-log4j-Windows.ps1
  
 Identify all log4j components across all windows servers, entire domain, can be multi domain. CVE-2021-44228
 
 Will scale to 1,000+ windows servers, 250+ servers at a time. 1k servers took about 1 1/2 hours.
 
 [Apache log4j](https://logging.apache.org/log4j/2.x/)
 
 [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228)
 
Single Server Version:

[Single Server Version](https://github.com/KeysAU/Get-log4j-Windows-local/blob/main/Get-log4j-Windows-local.ps1)

# Script Running:

![image](https://user-images.githubusercontent.com/38932932/146176040-d29e4c1f-fea1-4a6c-af3e-95cba2de1352.png)

# Export:

![image](https://user-images.githubusercontent.com/38932932/146176682-d8e6ea01-4668-428e-963f-080d9c1c3214.png)

# Description: 
              Made for CVE-2021-44228
              Searches AD for all Computer objects with filter. (Made for windows servers)
              Invokes PowerShell on remote server from central server.
              Sets up working directory C:\Temp\log4j on remote servers and copy's over 7zip.exe
              Recursively scans all drives for .jar containers.
              Extracts all .jar with 7-zip.exe to C:\temp\log4j\Extracted           
              Gets version number of log4j version.
              Dynamically creates central csv of where embedded log4j module was located. 
              Captures failed PS jobs and closes stuck jobs after 25min.
              Will scale to 1,000+ servers, 250 servers at a time. 1k servers
				
# Created for: 
              Identifying all log4j components across all windows servers, entire domain, can be multi domain. CVE-2021-44228


# Dependencies: 
              You must install 7-zip.exe in C:\support\tools\7-zip on the command-and-control server (x32 bit suggested)
              PowerShell 5.0+
              Uses Windows Remote Management (WinRM) to connect.
              Must run as a domain admin or equivalent permissions to scan all drives
              Needs ping port access through firewalls.

# Change Log:
        15-Dec-2021  -Change Notes: Initial version

# Notes: 
        You need to modify --replaceme 
        You need to update info for your domain(s) See line 64.
        You need to uncomment line 36 for first run.
	
# Licence:
	Open-sourced software licensed under the MIT license.

# Author:
         Keith Waterman
# Date : 
        15-Dec-2021
File Snapshot

 [4.0K]  /data/pocs/ba8c7a068f37097fe0b92b0bb650d62743d5dd22
├── [ 44K]  Get-log4j-Windows.ps1
├── [1.0K]  LICENSE
└── [2.4K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.