## https://sploitus.com/exploit?id=024D29D3-309F-5B7F-B8C9-2AF149F9A213
# PoC of log4j, CVE - 2021 - 44228
## Introduction
In this repository you can find a reverse shell to a vulnerable website that contains log4j vulnerabilty, exactly the CVE-2021-44228.
## Case of Use
- Install the required packages from `requierements.txt` by doing pip install -r requirements.txt
- The java version installed in your computer must be jdk1.8.0_20. Also marshalsec-0.0.3-SNAPSHOT-all.jar, log4shell-1.0-SNAPSHOT.war are needed for the exploit.
- Launch a netcat in another port to get the reverse shell in it doing nc -lvnp 9001.
- In my case I have made some proves to a vulnerable log4j server that is in a **public domain**.
### The test server is from the catalonian sanity service 13.42.103.149
### The PoC works fine. However, there are some legal issues with the machine. I don't own it but I know the owner.
# Disclaiming, this tool has been used for educational purpouses only.