POC for CVE-2021-44228

This python script was created while I was working on the TryHackMe room for Log4j. While this was created with default variables for this room, I used argparse to make the script versatile for a GET request. All necessary varaibles can be changed with different options, see -h for more information.


Only my script is hosted here, this requires two other downloads to run properly which I will give links for, but setting up the folders the way I did will allow the script to run without much effort. First create a log4j folder (or whatever name you want) then git clone this repo then move the poc.py into /log4j/.

git clone https://github.com/ab0x90/CVE-2021-44228_PoC.git

Next clone marshalsec, in the same directory you just created. And then build it using maven.

git clone https://github.com/mbechler/marshalsec.git
cd marshalsec
mvn clean package -DskipTests

Lastly, you will need to download some version of Java 8. For this script, and the default value for -j is ‘jdk1.8.0_20’.

The new directory should look like this when everything is extracted.

kali@kali-[~/tools/Exploits/log4j]$ls -al
total 338448
drwxr-xr-x 5 kali kali      4096 Dec 14 15:22 .
drwx------ 3 kali kali      4096 Dec 14 14:34 ..
drwxr-xr-x 8 kali kali      4096 Jul 30  2014 jdk1.8.0_20
drwxr-xr-x 5 kali kali      4096 Dec 14 14:40 marshalsec
-rw-r--r-- 1 kali kali      2781 Dec 14 16:02 poc.py

After this setup is complete. Note that if you would like or need to use a different version of java this can be done using -j NAME_OF_JAVA_FOLDER.


Help Menu

Included in the script is the payload provided in the THM room, change the IP/port to whatever you want to use.

Start a netcat listener to catch the shell on the port specified in the java_payload.

Start a python web server on port 8000

Example command:

python3 poc.py -l -i -p 8983 

Example output and reverse shell:


View Github