Log4Shell Exploit Kit (CVE-2021-44228)

Log4Shell — CVE-2021-44228 Exploit Modular

Kit of exploitation complete for the vulnerability of JNDI injection in Apache Log4j 2.x (versions < 2.17.1).

n
• Servidor LDAP malicious — Marshalsec-based LDAP server that sirve clases Java maliciouss to the target.
n
• HTTP callback server — Servidor HTTP that hostea the payload .class compilesdo.
n
• Payloads multiplatform — Reverse shells for Linux (bash, python, perl) and Windows (PowerShell, certutil chain).
n
• Bypass of WAF — 15+ variantes of obfuscation of the string JNDI: ${${lower:j}ndi:...}, ${${env:BARFOO:-j}ndi:...}, nested lookups.
n
• Scanner of detection — Script that test 50+ injection points (headers, forms, user-agent, referer) against a target.
n

Requirements: Java 8+ in atacante, target with Log4j 2.0-2.17.0.