# IMPORTANT DISCLAIMER
**THIS SCRIPT CAN LAND YOU IN SERIOUS TROUBLE. THIS IS FOR RESEARCH AND AUTHORISED PEN TESTING ONLY.**
**DO NOT DO ILLEGAL SHIT. THIS SCRIPT IS A BASIC EXPLOITATION OF CVE-2021-44228 AND THE METHOD USED IN THIS SCRIPT IS EASILY MITIGATED FOR A REASON.**
A tool to automatically obtain a shell using CVE-2021-44228, using marshalsec.
Requires GitPython and thats about it!
Make sure that python has permission to access the directory that this script is in.
Just run the script! All prompts are available from within the python shell.
mbechler - This script relies on marshalsec in order to handle the LDAP request sent by log4j. (https://github.com/mbechler/marshalsec)
John Hammond - This script is an automation of the TryHackMe room created by himself. (https://tryhackme.com/room/solar)
The whole Cyber Security community - Working tirelessly to mitigate and patch! Heroes <3