Log4j rce test environment and poc
log4j rce test environment
see: https://www.lunasec.io/docs/blog/log4j-zero-day/
using the included python poc
build
Either build the jar on your host with mvn clean compile assembly:single
Or use docker to build an image with docker build -t log4jpwn .
run
The server will log 3 things (which are also the triggers). You don’t have to set all 3:
- The
User-Agentheader content - The request path
- The
pwnquery string parameter
To use:
- Run the container with
docker run --rm -p8080:8080 log4jpwn(or the jar if you built on your host withjava -jar target/log4jpwn-1.0-SNAPSHOT-jar-with-dependencies.jar) - Make a
curlrequest