log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

Last update: Aug 13, 2022

Overview

说明 about

author: 我超怕的

blog: https://www.cnblogs.com/iAmSoScArEd/

github: https://github.com/iAmSOScArEd/

date: 2021-12-20

log4j2 dos exploit

log4j2 dos 漏洞利用脚本

CVE-2021-45105 Exploit

CVE-2021-45105 利用脚本

利用方式 how to use

English：

Log4j2_dos.py -u <url> -m <method> -d <params> -H <header> -l <loop> -t <thread>

-u,--url    	 attack target
-m,--method    http method, only get and post. default is get.
-d,--data   	 get or post params, json format like:{\"username\":\"\"}
-H,--header    request header, json format like:{\"user-agent\":\"\"}
-l,--loop    	 payload loop times (or length),default 100.it is determine where is the params, example get param max length or post param max length or request header max length
-t,--thread    attack thread. default is 0, just request once.

usage:
Log4j2_dos.py -u http://url.com/ -d {\"username\":\"\"}
Log4j2_dos.py -u http://url.com/ -d {\"username\":\"\"} -l 500 -t 100
Log4j2_dos.py -u http://url.com/ -m post -d {\"username\":\"\"} -l 500
Log4j2_dos.py -u http://url.com/ -m post -H {\"user-agent\":\"\"} -l 500 -t 100
Log4j2_dos.py -u http://url.com/ -m post -d {\"username\":\"\"} -H {\"user-agent\":\"\"} -l 500

Output format：

[+] normal time:0.11111

[+] attack time:2.00000

if attack time -normal time>1 or something，it maybe exist vulnerability，can use -t param set attack thread.

中文：

 Log4j2_dos.py -u <url> -m <method> -d <params> -H <header> -l <loop> -t <thread>
 
-u,--url   		 攻击目标
-m,--method    默认为get，http方式，仅支持get和post
-d,--data   	 get或post请求参数，json格式，如：{\"username\":\"\"}
-H,--header    请求头, json格式， 如：{\"user-agent\":\"\"}
-l,--loop    	 默认为100，payload循环长度,根据参数在不同的位置，设置不同的数值，如请求头最大允许长度、get最大长度、post最大长度
-t,--thread    默认为0,表示仅请求一次，攻击线程.。

输出格式：

[+] normal time:0.11111

[+] attack time:2.00000

如果attack time延迟很大，说明漏洞存在，可以利用-t参数设置攻击线程

免责声明

请勿用于非法用途，仅供学习参考。任何违法行为与本人无关。

蹩脚英语，没用翻译，将就看。

By：我超怕的

log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

Related tags

Overview

说明 about

利用方式 how to use

English：

中文：

免责声明

Owner

Cloud One Container Security Runtime Events Forwarder

An All-In-One Pure Python PoC for CVE-2021-44228

This tool help you to check if your Windows machine has hidden miner.

I hacked my own webcam from a Kali Linux VM in my local network, using Ettercap to do the MiTM ARP poisoning attack, sniffing with Wireshark, and using metasploit

Brute Force Guess the password for Instgram accounts with python

GRR Rapid Response: remote live forensics for incident response

This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

Cookiecutter for creating open source Python packages

SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.

This is tools hacking for scan vuln in port web, happy using

A set of blender assets created for the $yb NFT project.

log4j-tools: CVE-2021-44228 poses a serious threat to a wide range of Java-based applications

Grafana-POC(CVE-2021-43798)

Crypto Meta Extractor

Metasploit Multi Purpose Exploiting Toolkit For Termux

PySharpSphere - Inspired by SharpSphere, just another python version

This tool ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes.

nuclei scanner for proxyshell ( CVE-2021-34473 )

A simple python code for hacking profile views

Tool-X is a kali linux hacking Tool installer.