# PoC of log4j, CVE - 2021 - 44228

## Introduction
    In this repository you can find a reverse shell to a vulnerable website that contains log4j vulnerabilty, exactly the CVE-2021-44228.

## Case of Use
    - Install the required packages from `requierements.txt` by doing pip install -r requirements.txt
    - The java version installed in your computer must be jdk1.8.0_20. Also marshalsec-0.0.3-SNAPSHOT-all.jar, log4shell-1.0-SNAPSHOT.war are needed for         the exploit.
    - Launch a netcat in another port to get the reverse shell in it doing nc -lvnp 9001.
    - In my case I have made some proves to a vulnerable log4j server that is in a **public domain**.
### The test server is from the catalonian sanity service
### The PoC works fine. However, there are some legal issues with the machine. I don't own it but I know the owner.

# Disclaiming, this tool has been used for educational purpouses only.