A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

Last update: Nov 11, 2022

Overview

CVE-2021-44228 – Log4j RCE Unauthenticated

About

This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228).

This vulnerability affects versions < 2.15.0.

For more information:

https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j

Contributors

@pedrohavay

Disclaimer

This project is created only for educational purposes and cannot be used for law violation or personal gain.

The author of this project is not responsible for any possible harm caused by the materials of this project.

Demo

Installation

git clone https://github.com/pedrohavay/exploit-CVE-2021-44228
cd exploit-CVE-2021-44228
pip install -r requirements.txt

Usage

Use the script
```
 python3 main.py
```

Requirements

Python 3
Java (JDK)

Owner

Pedro Havay

I'm security software developer and digital security specialist. Since 9 years old, I have dedicated my time to studying development and security.

GitHub Repository

Quickstart resources for the WiFi Nugget, a cat themed WiFi Security platform for beginners.

62 Jan 08, 2023

Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains.

Log4jScanner Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains. Disc

35 Dec 12, 2022

A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF

118 Nov 07, 2022

A simple Burp Suite extension to extract datas from source code

DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas

86 Dec 31, 2022

#whois it? Let's find out!

whois_bot #whois it? Let's find out! Currently in development: a gatekeeper bot for a community (https://t.me/IT_antalya) of 250+ expat IT pros of Ant

14 Jun 24, 2022

PasswordManager is a command-line program that helps you manage your secret files like passwords

PasswordManager is a command-line program that helps you manage your secret files like passwords. It's very minimalistic and easy to use.

3 Dec 30, 2021

Metasploit Multi Purpose Exploiting Toolkit For Termux

MSF-EXPLOIT MSF-ANDRO is a Metasploit Multi Purpose Exploiting Toolkit For Termux . Only a Basic Script , Still in Development . FEATURES : Install Me

22 Dec 29, 2022

Docker is an open platform for developing, shipping, and running applications OS-level virtualization to deliver software in packages called containers However, 'security' is a top request on Docker's public roadmap This project aims at vulnerability check for such docker containers. New contributions are accepted

Docker-Vulnerability-Check Docker is an open platform for developing, shipping, and running applications OS-level virtualization to deliver software i

103 Aug 20, 2022

A passive-recon tool that parses through found assets and interacts with the Hackerone API

Hackerone Passive Recon Tool A passive-recon tool that parses through found assets and interacts with the Hackerone API. Setup Simply run setup.sh to

4 Jan 13, 2022

♻️ Password Generator (PSG) 📚 This plugin is made for more familiarity with Python, but can also be used to create passwords

About Tool This plugin is made for more familiarity with Python, but can also be used to create passwords.

2 Jul 23, 2022

A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

Related tags

Overview

CVE-2021-44228 – Log4j RCE Unauthenticated

About

Contributors

Disclaimer

Demo

Installation

Usage

Requirements

Owner

Pedro Havay

Quickstart resources for the WiFi Nugget, a cat themed WiFi Security platform for beginners.

Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains.

A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

A simple Burp Suite extension to extract datas from source code

#whois it? Let's find out!

PasswordManager is a command-line program that helps you manage your secret files like passwords

Metasploit Multi Purpose Exploiting Toolkit For Termux

A passive-recon tool that parses through found assets and interacts with the Hackerone API

♻️ Password Generator (PSG) 📚 This plugin is made for more familiarity with Python, but can also be used to create passwords

Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).

CVE-2021-26855: PoC (Not a HoneyPoC for once!)

Get related domains / subdomains by looking at Google Analytics IDs

👑 Discovery Header DoD Bug-Bounty

阿里云accesskey利用工具

Generate obfuscated meterpreter shells

A proxy for asyncio.AbstractEventLoop for testing purposes

Fast Fb Cracking Tool

CVE-2021-40346 integer overflow enables http smuggling

RedDrop is a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives.