A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

Last update: Nov 11, 2022

Overview

CVE-2021-44228 – Log4j RCE Unauthenticated

About

This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228).

This vulnerability affects versions < 2.15.0.

For more information:

https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j

Contributors

@pedrohavay

Disclaimer

This project is created only for educational purposes and cannot be used for law violation or personal gain.

The author of this project is not responsible for any possible harm caused by the materials of this project.

Demo

Installation

git clone https://github.com/pedrohavay/exploit-CVE-2021-44228
cd exploit-CVE-2021-44228
pip install -r requirements.txt

Usage

Use the script
```
 python3 main.py
```

Requirements

Python 3
Java (JDK)

Owner

Pedro Havay

I'm security software developer and digital security specialist. Since 9 years old, I have dedicated my time to studying development and security.

GitHub Repository

CVE-2021-26855: PoC (Not a HoneyPoC for once!)

Exch-CVE-2021-26855 ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker b

24 Nov 14, 2022

A simple multi-threaded distributed SSH brute-forcing tool written in Python.

OrbitalDump A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the --proxi

408 Jan 03, 2023

Glass是一款针对资产列表的快速指纹识别工具，通过调用Fofa/ZoomEye/Shodan/360等api接口

Glass是一款针对资产列表的快速指纹识别工具，通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹，也可针对IP/IP段或资产列表进行快速的指纹识别。

764 Jan 05, 2023

Repository for a project of the course EP2520 Building Networked Systems Security

EP2520_ACME_Project Repository for a project of the course EP2520 Building Networked Systems Security in Royal Institute of Technology (KTH), Stockhol

1 Dec 11, 2021

neo Tool is great one in binary exploitation topic

neo Tool is great one in binary exploitation topic. instead of doing several missions by many tools and windows, you can now automate this in one tool in one session.. Enjoy it

4 Oct 10, 2022

TLaunch: Launch Programs on Multiple Hosts

TLaunch: Launch Programs on Multiple Hosts Introduction Deepmind launchpad is a library that helps writing distributed program in a simple way. But cu

11 Nov 11, 2022

It's a simple tool for test vulnerability Apache Path Traversal

SimplesApachePathTraversal Simples Apache Path Traversal It's a simple tool for test vulnerability Apache Path Traversal https://blog.mrcl0wn.com/2021

56 Dec 27, 2022

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

truffleHog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accident

10.1k Jan 09, 2023

This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

26 Dec 26, 2022

Auerswald COMpact 8.0B Backdoors exploit

CVE-2021-40859 Auerswald COMpact 8.0B Backdoors exploit About Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow a

6 Sep 22, 2022

Dependency injection in python with autoconfiguration

The base is a DynamicContainer to autoconfigure services using the decorators @services for regular services and @command_handler for using command pattern.

2 Jan 17, 2022

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validatio

165 Dec 21, 2022