## https://sploitus.com/exploit?id=21AACF78-8053-529E-909E-B6D5158008AC
# horrors-log4shell
> A micro lab (playground?) for CVE-2021-44228 (log4j)
* Can be used for executing payloads against multiple targets.
* Target-specific payloads are generated runtime.
* Adjustable configuration and bypasses.
## Installation
### Java-related requirements
* Development / Running example
* Gradle
* Maven
* In order to test the recent log4j related vulnerabilities (CVE-2021-44228, CVE-2021-45046):
* JDK 8u121
* Ysoserial compiled JAR (https://github.com/frohoff/ysoserial)
* Make sure to have compatible JDKs on both sides.
### Python requirements
% pip3 install pyasn1 pyjnius git+https://github.com/tasooshi/horrors
## Usage
### Step 1: Configuring
Copy and adjust the `attacker_config.py.example` configuration file.
### Step 2: Running the vulnerable application
Listens on `8080` by default and exposes two paths: `/` and `/endpoint`:
$ cd Vulnerable; mvn spring-boot:run
### Step 3: Running the data collector service
This daemon collects data incoming from exploited machines and logs into a JSON file:
(.venv) $ ./collector.py
### Step 4: Executing the attack:
Opens up several ports that get proxied to a single JNDI handler (`class JNDI(services.Service)`). Starts sending requests automatically:
(.venv) $ ./attacker.py
Visit `http://127.0.0.1:8889/send-requests` to resend the requests.
### Check:
So, in the end you should have the following services running:
* `collector.py` at port `8888`
* `attacker.py` for static content and control at port `8889`
* `attacker.py` at ports `1389` and `8443`
* `Vulnerable.java` at port `8080`