Log4j minecraft with python

Last update: Dec 24, 2022

Overview

log4jminecraft

This code DOES NOT promote or encourage any illegal activities! The content in this document is provided solely for educational purposes and to create awareness!

To run this project follow the following steps:

Clone the repository: git clone https://github.com/davidbombal/log4jminecraft.git
Run the script log4j.py (python3 log4j.py <ip_address> i.e. python3 log4j.py 192.168.1.132). This installs the prerequisite software, and also starts up the LDAP server.
Run the script jcomp_pyserv.py (python3 jcomp_pyserv.py). This compiles the Java payload to be ran, and also starts a python3 http.server.

Acknowledgement for contributions:

John Hammond : https://youtu.be/7qoPDq41xhQ
Moritz Bechler (For creating the Java Unmarshaller Security - MarshalSec) : https://github.com/mbechler/marshalsec
xiajun325 for clear instruction on how to use the MarshalSec tool : https://github.com/xiajun325/apache-log4j-rce-poc

Owner

David Bombal

Author, Instructor and YouTuber

GitHub Repository

Statistical Random Number Generator Attack Against The Kirchhoff-law-johnson-noise (Kljn) Secure Key Exchange Protocol

1 Jan 13, 2022

Scans for Log4j versions effected by CVE-2021-44228

check_mkExtension to check for log4j2 CVE-2021-44228 This Plugin wraps around logpresso/CVE-2021-44228-Scanner (Apache License 2.0) How it works Run i

4 Jun 30, 2022

Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container

Home Assistant LDAP Auth Simple script to have LDAP authentication in Home Assistant Docker, using NGINX's ldap-auth container. Usage Deploy NGINX's l

1 Sep 21, 2022

Hikvision 流媒体管理服务器敏感信息泄漏

Hikvisioninformation Hikvision 流媒体管理服务器敏感信息泄漏 Options optional arguments: -h, --help show this help message and exit -u url, --url url

13 Nov 09, 2022

A tool combined with the advantages of masscan and nmap

59 Dec 24, 2022

Cloud One Container Security Runtime Events Forwarder

Example on how to query events by a RESTful API, compose CEF event format and send the events to an UDP receiver.

3 Feb 10, 2022

Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

django-permissions-policy Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app. Requirements Python 3.

76 Nov 30, 2022

Proof-of-concept obfuscation toolkit for C# post-exploitation tools

InvisibilityCloak Proof-of-concept obfuscation toolkit for C# post-exploitation tools. This will perform the below actions for a C# visual studio proj

259 Dec 19, 2022

A secure way of storing your passwords.

StrongBox 🔐 A secure way of storing your passwords. 🔑 Why to use StrongBox? StrongBox makes it possible to have a random generated strong password i

5 Dec 25, 2021

Http-proxy-list - A lightweight project that hourly scrapes lots of free-proxy sites, validates if it works, and serves a clean proxy list

Free HTTP Proxy List 🌍 It is a lightweight project that hourly scrapes lots of

142 Jan 05, 2023

Python HDFS client

Python HDFS client Because the world needs yet another way to talk to HDFS from Python. Usage This library provides a Python client for WebHDFS. NameN

82 Dec 28, 2022

Python tool for exploiting CVE-2021-35616

OracleOTM Python tool for exploiting CVE-2021-35616 The script works in modules, which I implemented in the following order: ► Username enumeration ►

11 Dec 06, 2022

Guess the password for Tik Tok accounts

Guess the password for Tik Tok accounts Tool features : You don't need proxies There is no captcha Running on a private api Combo T

32 Dec 25, 2022

Crowbar - A windows post exploitation tool

Crowbar - A windows post exploitation tool Status - ✔️ This project is now considered finished. Any updates from now on will most likely be new script

29 Nov 20, 2022

Windows Virus who destroy some impotants files on C:\windows\system32\

psychic-robot Windows Virus who destroy some importants files on C:\windows\system32\ Signatures of psychic-robot.PY (python file) : Bkav Pro : ASP.We

1 Jan 06, 2022

CVE-2021-26084 Remote Code Execution on Confluence Servers

CVE-2021-26084 CVE-2021-26084 Remote Code Execution on Confluence Servers. Dork Fofa: app="ATLASSIAN-Confluence" Usage Show help information. python P

63 Dec 30, 2022

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting.🎭

This is A Python & Bash Programming Based Termux-Tool Created By CRACKER911181. This Tool Created For Hacking and Pentesting. If You Use This Tool To Evil Purpose,The Owner Will Never be Responsible

1 Jan 10, 2022

CC CAMERA HACKING TOOL

CAM-HACK CC CAMERA HACKING TOOL Installation On Termux $ apt update

10 Sep 25, 2022

HTTP security headers for Flask

Talisman: HTTP security headers for Flask Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few co

854 Dec 30, 2022

A proxy for asyncio.AbstractEventLoop for testing purposes

aioloop-proxy A proxy for asyncio.AbstractEventLoop for testing purposes. When tests writing for asyncio based code, there are controversial requireme

12 Dec 12, 2022