# Log4jTools
Tools for investigating Log4j CVE-2021-44228

## Bug explanation and Demo

## (Get java payload from ldap path provided in JNDI lookup).
Requirements: curl (system), requests (python)

Example command:
python ldap://maliciouserver:1337/path

[+] getting object from ldap://maliciouserver:1337/path
[+] exploit payload: http://maliciouserver:80/Exploit.class
[+] seeing if attacker left behind un-compile payload http://maliciouserver:80/
[x] failed to find payload
[+] trying to fetch compiled payload http://maliciouserver:80/Exploit.class
[+] found payload and saved to file Exploit.class_

## (honeypot to catch exploit attempts based on presence of '${' ).
Requirements: python3, asyncore

Example command:

[2021-12-09 13:00:00,000] Possible CVE-2021-44228 Attempt: -> port 8080 - GET /?id=${jdni:ldap://} HTTP/1.1