https://github.com/rajasoun/log4j-zero-day-exploit

Log4j Zero-Day Exploit
https://github.com/rajasoun/log4j-zero-day-exploit

jndi-exploit logj-rce poc

Last synced: 3 months ago
JSON representation

Log4j Zero-Day Exploit

• Host: GitHub
• URL: https://github.com/rajasoun/log4j-zero-day-exploit
• Owner: rajasoun
• Created: 2021-12-13T20:44:55.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2022-01-10T14:27:35.000Z (almost 3 years ago)
• Last Synced: 2024-05-13T19:33:06.068Z (6 months ago)
• Topics: jndi-exploit, logj-rce, poc
• Language: Java
• Homepage:
• Size: 38.1 KB
• Stars: 4
• Watchers: 2
• Forks: 1
• Open Issues: 2
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - rajasoun/log4j-zero-day-exploit - Log4j Zero-Day Exploit (Java)

README

        
## Log4J Zero Day Exploit - POC

Vulnerable Log4J App, Malicious LDAP server for JNDI injection attacks and Exploitation Snippet

### Run

1. Open Terminal and Start the Vulnerable Java App, Malicious JNDI Server

```

./assist.sh poc

```

2. Open Another Terminal and Run Exploit Script

```

./assist.sh exploit

```

3. To View the Expolit in POC Container

```

./assist.sh view

```

4. Open Terminal and Run `nc -lvn 4444` 

5. Open Terminal and Run `./assist.sh exploit` 

6. To shell in POC Container

```

./assist.sh shell

```

> Edit `jndi-exploit/src/main/java/com/rajasoun/jndi/ExportObject.java` for Malicious Code Injection