log4shell-vulnerable-app
Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
Tet
I copied and pasted my response for the previous issue, creating a new one to raise attention. Okay, I managed to grab a copy of this kit.... a really weird...
error..
I'm trying to replicate the log4j environment but when I'm executing the base64 payload which is : "uname -a;id' .. it only executes the second command : id... it doesn't...
Hi all, it looks like the exploit located at https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip is not available anymore. The repository does not exist. Any workarounds? root~$ wget https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip --2021-12-20 15:16:32-- https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip Resolving github.com (github.com)......
Provide a self-contained lab environment that runs the exploit safely all from docker-compose.
I've created a java agent which prevents the exploit from working on this example via a java agent. Posting here in case anyone finds it useful: https://github.com/fjmacagno/log4j-safety-agent.