log4check
A small Minecraft server to help players detect vulnerability to the Log4Shell exploit
Tested to work between Minecraft versions 1.12.2 and 1.18.1!
Usage
Run: python3 log4check.py
Players can then connect to the server using the hostname and port described in config.json!
How it works
log4check runs two different servers: a Minecraft server using the quarry library and a TCP server that only returns HTTP responses.
When a player connects to the Minecraft server, the server sends them a ${jndi:...} string that contains the URL of the internal TCP server. If the Minecraft client is vulnerable, it will send requests to the TCP server, which in turn will let the Minecraft server know to disconnect the client. The TCP server sends an HTTP response so curious players reading their latest.log file can find a message if they navigate to the server with a web browser.
No valid LDAP is ever sent to clients.
Warning
This was written in spare time and comes with no guarantees. While this tool makes its best effort to determine if a player is vulnerable to Log4Shell, in the event that the player does not query LDAP within five seconds, they may receive a false negative reading.
![Trewis [work] Scotch](https://avatars.githubusercontent.com/u/92666826?v=4&s=60)
4 Sep 23, 2022
57 Oct 03, 2022
13 Jan 04, 2022
87 Dec 28, 2022
7 Nov 09, 2022
4 Nov 24, 2021
50 Sep 13, 2022
56 Dec 27, 2022
14 Nov 11, 2022
5 Mar 19, 2022
237 Dec 21, 2022
1.8k Jan 04, 2023
4 Apr 27, 2022
212 Dec 29, 2022
2 Feb 05, 2022
4 Jun 30, 2022
21 Dec 09, 2022
4 Jan 13, 2022
312 Dec 09, 2022
33 Jul 01, 2022