├── .gitignore ├── LICENSE ├── README.md ├── attacker ├── MarshalsecLDAP-NginxWebServer.yml ├── README.md ├── RogueJndi.yml ├── dns-server │ ├── Requirements.txt │ └── dnsSpoof.py ├── jndi-ex │ └── Dockerfile ├── ldap-server │ └── Dockerfile ├── rogue-jndi │ ├── Dockerfile │ ├── README.md │ └── main │ │ └── java │ │ └── artsploit │ │ ├── Utilities.java │ │ └── controllers │ │ ├── Tomcat.java │ │ └── TomcatReverseBash.java └── web-server │ ├── Dockerfile │ ├── conf │ └── default.conf │ └── payloads │ ├── CreateFile.java │ └── Run.java ├── research-notes ├── 2021-12-10_01-log4j-and-lookups.md ├── 2021-12-10_02-log4j-jndi-lookup.md ├── 2021-12-11_01-CVE-2021-44228-simulation.md ├── 2022-01-03_01-CVE-2021-45046-simulation.md └── README.md ├── resources └── images │ ├── log4j-jndi-architecture.png │ ├── log4j-jndi-directory-service.png │ ├── log4j-jndi-lookup-naming-reference-pcap.png │ ├── log4j-jndi-lookup-serialized-pcap.png │ ├── log4j-jndi-naming-service.png │ ├── log4jshell-architecture.png │ ├── log4jshell-lab-rogue-jndi-test.png │ ├── log4jshell-lab-vuln-webapp.png │ ├── log4jshell-loggerconfig-level.png │ └── log4jshell-trigger-rce-basicjar-reverseshell3.png └── victim ├── README.md ├── tomcat ├── Install-Tomcat.ps1 ├── Install-Tomcat.sh └── setenv.bat └── vuln-apps ├── 2.14.0 ├── pom.xml └── src │ └── main │ ├── java │ └── com │ │ └── vuln │ │ └── app │ │ ├── api.java │ │ └── login.java │ ├── resources │ └── log4j2.xml │ └── webapp │ ├── WEB-INF │ └── web.xml │ └── index.jsp ├── 2.15.0 ├── pom.xml └── src │ └── main │ ├── java │ └── com │ │ └── vuln │ │ └── app │ │ ├── api.java │ │ └── login.java │ ├── resources │ └── log4j2.xml │ └── webapp │ ├── WEB-INF │ └── web.xml │ └── index.jsp ├── 2.16.0 ├── pom.xml └── src │ └── main │ ├── java │ └── com │ │ └── vuln │ │ └── app │ │ ├── api.java │ │ └── login.java │ ├── resources │ └── log4j2.xml │ └── webapp │ ├── WEB-INF │ └── web.xml │ └── index.jsp ├── Compile-Apps.ps1 ├── Compile-Apps.sh └── others ├── basicJar ├── README.md ├── pom.xml └── src │ └── main │ └── java │ └── com │ └── log4jshell │ └── App.java └── logstash ├── Dockerfile ├── Install-Logstash.sh ├── README.md ├── config └── log4j2.properties ├── docker-compose.yml └── pipeline └── 10-http-pipe.conf /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/README.md -------------------------------------------------------------------------------- /attacker/MarshalsecLDAP-NginxWebServer.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/MarshalsecLDAP-NginxWebServer.yml -------------------------------------------------------------------------------- /attacker/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/README.md -------------------------------------------------------------------------------- /attacker/RogueJndi.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/RogueJndi.yml -------------------------------------------------------------------------------- /attacker/dns-server/Requirements.txt: -------------------------------------------------------------------------------- 1 | scapy 2 | dnspython -------------------------------------------------------------------------------- /attacker/dns-server/dnsSpoof.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/dns-server/dnsSpoof.py -------------------------------------------------------------------------------- /attacker/jndi-ex/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/jndi-ex/Dockerfile -------------------------------------------------------------------------------- /attacker/ldap-server/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/ldap-server/Dockerfile -------------------------------------------------------------------------------- /attacker/rogue-jndi/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/rogue-jndi/Dockerfile -------------------------------------------------------------------------------- /attacker/rogue-jndi/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/rogue-jndi/README.md -------------------------------------------------------------------------------- /attacker/rogue-jndi/main/java/artsploit/Utilities.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/rogue-jndi/main/java/artsploit/Utilities.java -------------------------------------------------------------------------------- /attacker/rogue-jndi/main/java/artsploit/controllers/Tomcat.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/rogue-jndi/main/java/artsploit/controllers/Tomcat.java -------------------------------------------------------------------------------- /attacker/rogue-jndi/main/java/artsploit/controllers/TomcatReverseBash.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/rogue-jndi/main/java/artsploit/controllers/TomcatReverseBash.java -------------------------------------------------------------------------------- /attacker/web-server/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/web-server/Dockerfile -------------------------------------------------------------------------------- /attacker/web-server/conf/default.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/web-server/conf/default.conf -------------------------------------------------------------------------------- /attacker/web-server/payloads/CreateFile.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/web-server/payloads/CreateFile.java -------------------------------------------------------------------------------- /attacker/web-server/payloads/Run.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/attacker/web-server/payloads/Run.java -------------------------------------------------------------------------------- /research-notes/2021-12-10_01-log4j-and-lookups.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/research-notes/2021-12-10_01-log4j-and-lookups.md -------------------------------------------------------------------------------- /research-notes/2021-12-10_02-log4j-jndi-lookup.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/research-notes/2021-12-10_02-log4j-jndi-lookup.md -------------------------------------------------------------------------------- /research-notes/2021-12-11_01-CVE-2021-44228-simulation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/research-notes/2021-12-11_01-CVE-2021-44228-simulation.md -------------------------------------------------------------------------------- /research-notes/2022-01-03_01-CVE-2021-45046-simulation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/research-notes/2022-01-03_01-CVE-2021-45046-simulation.md -------------------------------------------------------------------------------- /research-notes/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/research-notes/README.md -------------------------------------------------------------------------------- /resources/images/log4j-jndi-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/resources/images/log4j-jndi-architecture.png -------------------------------------------------------------------------------- /resources/images/log4j-jndi-directory-service.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/resources/images/log4j-jndi-directory-service.png -------------------------------------------------------------------------------- /resources/images/log4j-jndi-lookup-naming-reference-pcap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/resources/images/log4j-jndi-lookup-naming-reference-pcap.png -------------------------------------------------------------------------------- /resources/images/log4j-jndi-lookup-serialized-pcap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/resources/images/log4j-jndi-lookup-serialized-pcap.png -------------------------------------------------------------------------------- /resources/images/log4j-jndi-naming-service.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/resources/images/log4j-jndi-naming-service.png -------------------------------------------------------------------------------- /resources/images/log4jshell-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/resources/images/log4jshell-architecture.png -------------------------------------------------------------------------------- /resources/images/log4jshell-lab-rogue-jndi-test.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/resources/images/log4jshell-lab-rogue-jndi-test.png -------------------------------------------------------------------------------- /resources/images/log4jshell-lab-vuln-webapp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/resources/images/log4jshell-lab-vuln-webapp.png -------------------------------------------------------------------------------- /resources/images/log4jshell-loggerconfig-level.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/resources/images/log4jshell-loggerconfig-level.png -------------------------------------------------------------------------------- /resources/images/log4jshell-trigger-rce-basicjar-reverseshell3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/resources/images/log4jshell-trigger-rce-basicjar-reverseshell3.png -------------------------------------------------------------------------------- /victim/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/README.md -------------------------------------------------------------------------------- /victim/tomcat/Install-Tomcat.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/tomcat/Install-Tomcat.ps1 -------------------------------------------------------------------------------- /victim/tomcat/Install-Tomcat.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/tomcat/Install-Tomcat.sh -------------------------------------------------------------------------------- /victim/tomcat/setenv.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/tomcat/setenv.bat -------------------------------------------------------------------------------- /victim/vuln-apps/2.14.0/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.14.0/pom.xml -------------------------------------------------------------------------------- /victim/vuln-apps/2.14.0/src/main/java/com/vuln/app/api.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.14.0/src/main/java/com/vuln/app/api.java -------------------------------------------------------------------------------- /victim/vuln-apps/2.14.0/src/main/java/com/vuln/app/login.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.14.0/src/main/java/com/vuln/app/login.java -------------------------------------------------------------------------------- /victim/vuln-apps/2.14.0/src/main/resources/log4j2.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.14.0/src/main/resources/log4j2.xml -------------------------------------------------------------------------------- /victim/vuln-apps/2.14.0/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.14.0/src/main/webapp/WEB-INF/web.xml -------------------------------------------------------------------------------- /victim/vuln-apps/2.14.0/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.14.0/src/main/webapp/index.jsp -------------------------------------------------------------------------------- /victim/vuln-apps/2.15.0/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.15.0/pom.xml -------------------------------------------------------------------------------- /victim/vuln-apps/2.15.0/src/main/java/com/vuln/app/api.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.15.0/src/main/java/com/vuln/app/api.java -------------------------------------------------------------------------------- /victim/vuln-apps/2.15.0/src/main/java/com/vuln/app/login.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.15.0/src/main/java/com/vuln/app/login.java -------------------------------------------------------------------------------- /victim/vuln-apps/2.15.0/src/main/resources/log4j2.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.15.0/src/main/resources/log4j2.xml -------------------------------------------------------------------------------- /victim/vuln-apps/2.15.0/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.15.0/src/main/webapp/WEB-INF/web.xml -------------------------------------------------------------------------------- /victim/vuln-apps/2.15.0/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.15.0/src/main/webapp/index.jsp -------------------------------------------------------------------------------- /victim/vuln-apps/2.16.0/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.16.0/pom.xml -------------------------------------------------------------------------------- /victim/vuln-apps/2.16.0/src/main/java/com/vuln/app/api.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.16.0/src/main/java/com/vuln/app/api.java -------------------------------------------------------------------------------- /victim/vuln-apps/2.16.0/src/main/java/com/vuln/app/login.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.16.0/src/main/java/com/vuln/app/login.java -------------------------------------------------------------------------------- /victim/vuln-apps/2.16.0/src/main/resources/log4j2.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.16.0/src/main/resources/log4j2.xml -------------------------------------------------------------------------------- /victim/vuln-apps/2.16.0/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.16.0/src/main/webapp/WEB-INF/web.xml -------------------------------------------------------------------------------- /victim/vuln-apps/2.16.0/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/2.16.0/src/main/webapp/index.jsp -------------------------------------------------------------------------------- /victim/vuln-apps/Compile-Apps.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/Compile-Apps.ps1 -------------------------------------------------------------------------------- /victim/vuln-apps/Compile-Apps.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/Compile-Apps.sh -------------------------------------------------------------------------------- /victim/vuln-apps/others/basicJar/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/others/basicJar/README.md -------------------------------------------------------------------------------- /victim/vuln-apps/others/basicJar/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/others/basicJar/pom.xml -------------------------------------------------------------------------------- /victim/vuln-apps/others/basicJar/src/main/java/com/log4jshell/App.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/others/basicJar/src/main/java/com/log4jshell/App.java -------------------------------------------------------------------------------- /victim/vuln-apps/others/logstash/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/others/logstash/Dockerfile -------------------------------------------------------------------------------- /victim/vuln-apps/others/logstash/Install-Logstash.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/others/logstash/Install-Logstash.sh -------------------------------------------------------------------------------- /victim/vuln-apps/others/logstash/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/others/logstash/README.md -------------------------------------------------------------------------------- /victim/vuln-apps/others/logstash/config/log4j2.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/others/logstash/config/log4j2.properties -------------------------------------------------------------------------------- /victim/vuln-apps/others/logstash/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/others/logstash/docker-compose.yml -------------------------------------------------------------------------------- /victim/vuln-apps/others/logstash/pipeline/10-http-pipe.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cyb3rWard0g/log4jshell-lab/HEAD/victim/vuln-apps/others/logstash/pipeline/10-http-pipe.conf --------------------------------------------------------------------------------