
Hub for log4j vulnerability based information CVE-2021-44228 (how to)

One Stop Hub for LOG4J

Information hub for log4j vulnerability

Here is a GitHub repo to which I will add all valuable information on:
– Log4j vulnerability scanning, to understand whether your server is vulnerable or not
– how to patch it
– how to replicate the attack (for educational purposes)

*Read on GitHub for the latest updates

What is log4j ?

Log4j is an open-source, Java-based Apache software used for logging services.

What is log4j Vulnerability CVE-2021-44228 ?

The Log4j vulnerability allows remote code execution simply by typing a specific string into a text box, and it works on every program using the Log4j library.

Quick Scan

wget https://raw.githubusercontent.com/anuvindhs/how-to-check-patch-secure-logj4-CVE-2021-44228/main/assets/scan.sh -q -O - | bash

Attack Surfaces / Related Software

List of affected products and related links:
– Brands: the YfryTchsGD GitHub link gives us a list of impacted services, components or manufacturers (Apple, Tencent, Twitter, Cloudflare, Amazon, Tesla … etc.)
– Software: published by Nationaal Cyber Security Centrum, GitHub link (Adobe, EC2, AWS API Gateway, DocumentDB, DynamoDB, Kafka, Kinesis, S3, SNS, SQS, AWS SSO, Apache, Cisco, CyberArk, Dell, Fortinet, Fujitsu, IBM, Juniper Networks, … etc.)

Sources and related links:
– I have written a simple bash script to do a basic quick scan.
– Check your server for the Java Log4j vulnerability: blog link, YouTube tutorial, GitHub link
– Website link: it comes with a web-based tool to identify the servers affected by CVE-2021-44228
– Performs two specific checks, HTTP headers and an HTTP GET request: GitHub link
– log4j PowerShell Checker: GitHub link
– A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts: GitHub link
– ADIL SOYBALI: Log4j-RCE-Scanner, scans for the remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses, GitHub link
– Bytecode Detector: scans all running Java processes for vulnerable log4j files. It is NOT invasive and DOES NOT require you to stop your application. It also checks whether the program includes artifacts that re-bundled or re-compiled the vulnerable log4j JARs. GitHub link

Lab Environments

Lab environments and their creators:
– Solar, exploiting log4j (co-created by JohnHammond)
– Log4j RCE: this challenge covers the latest RCE in Log4j