Log4j minecraft with python

Last update: Dec 24, 2022

Overview

log4jminecraft

This code DOES NOT promote or encourage any illegal activities! The content in this document is provided solely for educational purposes and to create awareness!

To run this project follow the following steps:

Clone the repository: git clone https://github.com/davidbombal/log4jminecraft.git
Run the script log4j.py (python3 log4j.py <ip_address> i.e. python3 log4j.py 192.168.1.132). This installs the prerequisite software, and also starts up the LDAP server.
Run the script jcomp_pyserv.py (python3 jcomp_pyserv.py). This compiles the Java payload to be ran, and also starts a python3 http.server.

Acknowledgement for contributions:

John Hammond : https://youtu.be/7qoPDq41xhQ
Moritz Bechler (For creating the Java Unmarshaller Security - MarshalSec) : https://github.com/mbechler/marshalsec
xiajun325 for clear instruction on how to use the MarshalSec tool : https://github.com/xiajun325/apache-log4j-rce-poc

Owner

David Bombal

Author, Instructor and YouTuber

GitHub Repository

PoC for CVE-2021-26855 -Just a checker-

CVE-2021-26855 PoC for CVE-2021-26855 -Just a checker- Usage python3 CVE-2021-26855.py -u https://mail.example.com -c example.burpcollaborator.net # C

17 Dec 22, 2022

Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

39 Dec 16, 2022

JS Deobfuscation is a Python script that deobfuscate JS code and it's time saver for you.

JS Deobfuscation is a Python script that deobfuscate JS code and it's time saver for you. Although it may not work with high degrees of obfuscation, it's a pretty nice tool to help you even if it's j

3 May 01, 2022

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Known issues it will not work outside kali , i will update it

867 Dec 22, 2022

Client script for the fisherman phishing tool

1 Feb 23, 2022

Generates password lists/dictionaries based on keywords written in python3.

dicbyru Introduction Generates password lists/dictionaries based on keywords. It uses the keywords and adds capital letters, numbers and special chara

2 Oct 31, 2022

xray多线程批量扫描工具

Auto_xray xray多线程批量扫描工具简介 xray社区版貌似没有批量扫描，这就让安服仔使用起来很不方便，扫站得一个个手动添加，非常难受 Auto_xray目录下记得放xray，就跟平时一样的。选项1：oneforall+xray 输入一个主域名，自动采集子域名然后添加到xray任务列表

13 Nov 09, 2022

Tool ini berfungsi untuk membuat virus secara instan

vbug (ID) Tool ini berfungsi untuk membuat virus secara instan. Dengan begitu pengguna vbug maker dapat menggunakannya dengan mudah dan cepat. Di dala

3 Jun 05, 2022

Buffer Overflow para SLmail5.5 32 bits

SLmail5.5-Exploit-BoF Buffer Overflow para SLmail5.5 32 bits con un par de utilidades para que puedas hacer el tuyo REQUISITOS PARA QUE FUNCIONE: Desa

15 Jul 30, 2022

Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)

使用方法&免责声明该脚本为Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)。使用方法：Python CVE-2020-17519.py urls.txt urls.txt 中每个url为一行，漏洞地址输出在vul.txt中影响版本： Apache Flink 1

45 Sep 21, 2022

The Web Application Firewall Paranoia Level Test Tool.

Quick WAF "paranoid" Doctor Evaluation WAFPARAN01D3 The Web Application Firewall Paranoia Level Test Tool. — From alt3kx.github.io Introduction to Par

22 Jul 25, 2022

Generate your own NFTs and their metadata based on your desired probabilities.

Generate your own NFTs and their metadata based on your desired probabilities. Use your own art assets too! Perfect for use with Candy Machine.

7 Sep 16, 2022

Log4jake works by spidering a web application for GET/POST requests

Log4jake Log4jake works by spidering a web application for GET/POST requests. It will then automatically execute the GET/POST requests, filling any di

16 May 09, 2022

IDA2Obj is a tool to implement SBI (Static Binary Instrumentation).

IDA2Obj IDA2Obj is a tool to implement SBI (Static Binary Instrumentation). The working flow is simple: Dump object files (COFF) directly from one exe

94 Dec 13, 2022

XSS scanner in python

DeadXSS XSS scanner in python How to Download: Step 1: git clone https://github.com/Deadeye0x/DeadXSS.git Step 2: cd DeadXSS Step 3: python3 DeadXSS.p

2 Jul 17, 2022

IDA scripts for hypervisor (Hyper-v) analysis and reverse engineering automation

Re-Scripts IA32-VMX-Helper (IDA-Script) IA32-MSR-Decoder (IDA-Script) IA32 VMX Helper It's an IDA script (Updated IA32 MSR Decoder) which helps you to

16 Oct 08, 2022

Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

Bug Alert Bug Alert is a service for alerting security and IT professionals of h

208 Dec 15, 2022

Example for the NFT 3D Collectibles using Blender Scripting (Python).

NFT Collectibles using Blender Python What is this? This project is to demonstrate for generating NFT Collectible Avatar-Styled images. For details, p

48 Nov 26, 2022

spring-cloud-gateway-rce CVE-2022-22947

Spring Cloud Gateway Actuator API SpEL表达式注入命令执行（CVE-2022-22947） 1.installation pip3 install -r requirements.txt 2.Usage $ python3 spring-cloud-gateway

10 Sep 28, 2022

A windows post exploitation tool that contains a lot of features for information gathering and more.

Crowbar - A windows post exploitation tool Status - ✔️ This project is now considered finished. Any updates from now on will most likely be new script

29 Nov 20, 2022