## https://sploitus.com/exploit?id=2E946B1D-12B1-56D1-A72E-A3026C240B1D
# CVE-2021-44228 Helpers
Helpers, examples, and exploits for CVE-2021-44228. Associated blog post: https://blog.uint0.dev/cve-2021-44228/
## Helpers
### Echo chamber
`cd echochamber`
Logs input via log4j.
**Build**: `./gradlew build`
**Run**: `./gradlew run --console=plain`
### LDAP Exfil Server
`cd ldap-listener`
LDAP server that logs incoming requests to allow for exfiltration.
**Build**: `pip install -r requirements.txt`
**Run**: `python3 listener.py <port>`
## Vulnerable applications
### Spring Hibernate
`cd spring-hibernate-ex`
A sample app using Spring and Hibernate that's vulnerable to RMI deserialization.
**Build**: `./gradlew build`
**Run**: `./gradlew bootRun`
### Class Inclusion
`cd class-inclusion-ex`
A sample app with `com.sun.jndi.ldap.object.trustURLCodebase=true` that's vulnerable to class inclusion.
**Build**: `./gradlew build`
**Run**: `./gradlew run --console=plain`
## Exploits
### Exploit Class Inclusion
`cd exploit-class-inclusion`
Simple instructions on how to exploit class inclusion.
### Exploit RMI Deserialization
`cd exploit-rmi-deserialization`
Simple instructions on how to exploit RMI deserialization for the `spring-hibernate-ex` example.
## Troubleshooting
Everything was tested with Java 11 (`sdk use java 11.0.11.j9-adpt`).