A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

Last update: Nov 11, 2022

Overview

CVE-2021-44228 – Log4j RCE Unauthenticated

About

This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228).

This vulnerability affects versions < 2.15.0.

For more information:

https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j

Contributors

@pedrohavay

Disclaimer

This project is created only for educational purposes and cannot be used for law violation or personal gain.

The author of this project is not responsible for any possible harm caused by the materials of this project.

Demo

Installation

git clone https://github.com/pedrohavay/exploit-CVE-2021-44228
cd exploit-CVE-2021-44228
pip install -r requirements.txt

Usage

Use the script
```
 python3 main.py
```

Requirements

Python 3
Java (JDK)

Owner

Pedro Havay

I'm security software developer and digital security specialist. Since 9 years old, I have dedicated my time to studying development and security.

GitHub Repository

Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE)

Spring Cloud Gateway 3.0.7 & 3.1.1 Code Injection (RCE) CVE: CVE-2022-22947 CVSS: 10.0 (Vmware - https://tanzu.vmware.com/security/cve-2022-22947)

35 Dec 28, 2022

A python implementation of the windows 95 product key check.

Windows 95 Product Key Check Info: This is a python implementation of the windows 95 product key check. This was just a bit of fun and a massive 5 hou

11 Aug 07, 2022

Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

39 Dec 16, 2022

CVE-2021-21972

CVE-2021-21972 % python3 /tmp/CVE_2021_21972.py -i /tmp/urls.txt -n 8 -e [*] Creating tmp.tar containing ../../../../../home/vsphere-ui/.ssh/authoriz

30 Nov 19, 2022

Cisco RV110w UPnP stack overflow

Cisco RV110W UPnP 0day 分析前言最近UPnP比较火，恰好手里有一台Cisco RV110W，在2021年8月份思科官方公布了一个Cisco RV系列关于UPnP的0day，但是具体的细节并没有公布出来。于是想要用手中的设备调试挖掘一下这个漏洞，漏洞的公告可以在官网看到。准

25 Nov 09, 2022

Enhancing Twin Delayed Deep Deterministic Policy Gradient with Cross-Entropy Method

Enhancing Twin Delayed Deep Deterministic Policy Gradient with Cross-Entropy Method Hieu Trung Nguyen, Khang Tran and Ngoc Hoang Luong Setup Clone thi

6 Jun 29, 2022

domato but as a website

ROFL-FUZZER Ths is Domato, a DOM Fuzzer from Google, but hosted as an website It generates a instance of a newtab on the template given by the user ,

18 Nov 22, 2021

DoSer.py - Simple DoSer in Python

DoSer.py - Simple DoSer in Python What is DoSer? DoSer is basically an HTTP Denial of Service attack that affects threaded servers. It works like this

1 Oct 12, 2021

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

ProxyLogon For Python3 ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF-GetWebShell) usage: python ProxyLogon.py --host=exchang

112 Dec 01, 2022

Tools Crack Fb Terbaru

12 Jan 06, 2022

A Tool for subdomain scan with other tools

ReconTracer A Tool for subdomain scan with other tools ReconTracer Find subdomains by using another amazing sources!. Obs: In a close future recontrac

15 Dec 18, 2021

This is tools hacking for scan vuln in port web, happy using

Xnuvers007 PortInjection this is tools hacking for scan vuln in port web, happy using view/show python 3.9 solo coder (tangerang) 19 y/o installation

6 Dec 24, 2022

Tool to check if your DNS comply to Polish Ministry of Finance gambling domains restrictions

dns-mf-hazard Tool to check if your DNS comply to Polish Ministry of Finance gambling domains restrictions How to use it? Installation You need python

2 Jan 01, 2022

wsvuls - website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.]

WSVuls Website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.] What's WSVuls? WSVuls is a simple and powerf

47 Sep 22, 2022

A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

52 Dec 16, 2022

Nmap automated port scanner written in Python

port-scanner Nmap automated port scanner written in Python. USE: Clone the module Import the module: from portscanModule import portscanner Use: ports

1 Dec 03, 2021

Community Repository for Unofficial Saltbox Add-ons

Saltbox Sandbox Repo Community Repository for Unofficial Saltbox Add-ons Requirements Saltbox Documentation Undetermined Roles List of roles can be fo

31 Dec 19, 2022

Python HDFS client

Python HDFS client Because the world needs yet another way to talk to HDFS from Python. Usage This library provides a Python client for WebHDFS. NameN

82 Dec 28, 2022

A python script to brute-force guess the passwords to Instagram accounts

Instagram-Brute-Force The purpose of this script is to brute-force guess the passwords to Instagram accounts. Specifics: Comes with 2 separate modes i

2 Nov 16, 2021

this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows and macos

Keylogger this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows a

1 Nov 04, 2021