# CVE-2021-44228-POC
Yet another CVE-2021-44228 POC

Affected Log4j versions: from 2.0-beta9 up to 2.14.1

## Prerequisites 

Used Java: OpenJDK 11

Maven required to build apps in this repo (alternatively, download prepared jar files from release):

## Building & Running the projects 

Directories description: 
 - jndi - project with JNDI LDAP Reference server
 - web - project with vulnerable server
 - provider - project with code compiler & server
 - resources - directory for additional resources (like screenshots)

Build projects with: 
mvn clean install

Run jars with:
java -jar <jar>

Files to run (these files will be generated in: <repo_name>/<project_name>/target):
 - jndi-1.0.0-jar-with-dependencies.jar (run with: java -jar jndi-1.0.0-jar-with-dependencies.jar "")
 - web-1.0.0.jar (run with: java -jar web-1.0.0.jar) - runs on port 8080
 - provider-1.0.0.jar (run with: java -jar provider-1.0.0.jar) - runs on port 8081

***Alternatively build and run docker image - Docker section below Screenshots***

## Basic usage

0. Start all projects (as above)
1. Go to
2. Copy exploit template and paste it in Java Code box
3. Go to vulnerable logger at:
4. Copy payload from example and send it to the logger
5. Calc app should open (Windows). In case of Linux and Mac, empty file named "PWNED" should be created in \/tmp directory

## Description

Currently, the vulnerability can be exploited via: 
 - */logAction* -> post endpoint (triggers with payload in request headers or "payload" param)
 - */logGetHeaders* -> get endpoint (trigger with request headers)
 - */logPut* -> put endpoint (trigger with request headers or request body)
 - */logDelete* -> delete endpoint (trigger with request headers or request body):

## Screenshots 

Java version:\
![Java version image](

Exploit preparation + Compilation + Serving class file:\
![Exploit preparation image](

Payload (to be delivered to log4j) preparation + Sending the payload:\
![Payload image](

JNDI Reference:\
![JNDI Reference image](

Exploitation result (Windows):\
![Exploitation result (win) image](

Exploitation result (GNU/Linux):\
![Exploitation result (lin) image](

## Docker

You can also build docker image with Dockerfile located in main repo directory.
docker build . -t log4j_vuln
docker run -p 8080:8080 -p 8081:8081 log4j_vuln

docker ps

To see exploitation result (inside container):
docker exec -it <CONTAINER_ID> bash
ls -la /tmp

Kill docker container with: 
docker container kill <CONTAINER_ID>

## Disclaimer

Code presented in this repository is intended to be used **FOR EDUCATIONAL PURPOSES ONLY**.\
I do not aid, or endorse any malicious usage of data from this repository. 

Additionally, code in this repository is shared on an 'AS IS' BASIS - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND.

## More information