log4j-poc
log4j-poc copied to clipboard
cyberxml
A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell
**wget Error 503** wget -S -c https://dlcdn.apache.org/maven/maven-3/3.8.4/binaries/apache-maven-3.8.4-bin.tar.gz --2022-02-06 13:45:18-- https://dlcdn.apache.org/maven/maven-3/3.8.4/binaries/apache-maven-3.8.4-bin.tar.gz Resolving dlcdn.apache.org (dlcdn.apache.org)... 151.101.2.132, 2a04:4e42::644 Connecting to dlcdn.apache.org (dlcdn.apache.org)|151.101.2.132|:443... connected. HTTP request sent, awaiting response... HTTP/1.1 503 Backend unavailable, connection...
I noticed you didn't have an example packet capture of a successful RMI exploit, so I've attached one to this issue. The relevant data is: * TCP stream 0: HTTP...
Fix: Docker Issue had to set a firewall rule to allow connections from the Exploit.class container to my local host added in : /etc/firewalld/zones/public.xml restart the firewall : systemctl restart...
dns example refers to port 8888 which isnt open, assuming this should be 8080?
FROM codenvy/jdk8_maven3_tomcat8 COPY --chown=user:user files / USER root RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9 RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys DCC9EFBF77E11517 RUN...
The [Dockerfile call to wget and extract Maven](https://github.com/cyberxml/log4j-poc/blob/f9169984efaa9e51eb871060b6069ce029a57490/cve-neo/Dockerfile#L10C1-L12C42) references an old version (`3.8.4`) that is no longer available. Receiving a 404. Should be updated to `3.8.8` throughout.
[Dockerfile](https://github.com/cyberxml/log4j-poc/blob/f9169984efaa9e51eb871060b6069ce029a57490/cve-web/Dockerfile#L21C5-L21C95) for `cve-web` includes a `wget` call to archive.apache.org. This is causing an error: ``` 0.888 ERROR: The certificate of 'archive.apache.org' is not trusted. 0.888 ERROR: The certificate of 'archive.apache.org'...