From 52da926b5a78df59a39bf670f8dd9b89ec0662d9 Mon Sep 17 00:00:00 2001
From: Jeroen Willemsen
Date: Tue, 18 Jan 2022 08:28:43 +0100
Subject: [PATCH 1/2] Fix for the right nc binding
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 0c61d8b..8ea3738 100644
--- a/README.md
+++ b/README.md
@@ -37,7 +37,7 @@ docker-compose build ### Run Web App Attack Demo 1. Setup your docker listener in the first terminal
- 1. `nc -lv 10.10.10.31 9001`
+ 1. `nc -lnvp 9001`
 1. Start the docker containers in a second terminal 1. `docker-compose up` 1. Navigate to the web app on port 8080
@@ -54,7 +54,7 @@ docker-compose build ### Run a User Agent Attack Demo 1. Setup your docker listener in the first terminal
- 1. `nc -lv 10.10.10.31 9001`
+ 1. `nc -lnvp 9001`
 1. Start the docker containers in a second terminal 1. `docker-compose up` 1. In a third terminal, run the following. The second IP is the docker host
From cb93ea557f60b7c094dfb9d180495909ffdcb71a Mon Sep 17 00:00:00 2001
From: Jeroen Willemsen
Date: Tue, 18 Jan 2022 09:18:16 +0100
Subject: [PATCH 2/2] quick fixes for build and logging
---
 cve-neo/Dockerfile | 2 +-
 cve-neo/cve-neo.iml | 14 ++++++++++++++
 .../java/com/example/log4shell/LoginServlet.java | 6 ++++--
 docker-compose.yml | 2 +-
 4 files changed, 20 insertions(+), 4 deletions(-)
 create mode 100644 cve-neo/cve-neo.iml
diff --git a/cve-neo/Dockerfile b/cve-neo/Dockerfile
index a5933be..f26a456 100644
--- a/cve-neo/Dockerfile
+++ b/cve-neo/Dockerfile
@@ -7,7 +7,7 @@ RUN apt -qy update && apt -qy upgrade && apt -qy install wget git vim iputils-pi COPY files /
-RUN wget https://dlcdn.apache.org/maven/maven-3/3.8.4/binaries/apache-maven-3.8.4-bin.tar.gz &&\
+RUN wget https://downloads.apache.org/maven/maven-3/3.8.4/binaries/apache-maven-3.8.4-bin.tar.gz &&\
 tar xvzf apache-maven-3.8.4-bin.tar.gz &&\
 ln -s apache-maven-3.8.4 apache-maven
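Review bot: In the cve-neo/Dockerfile hunk, the `RUN wget …/apache-maven-3.8.4-bin.tar.gz` step unpacks the archive without any integrity check, and pointing it at a different Apache host does not change that. Apache publishes a `.sha512` file next to each Maven release, so the expected digest can be pinned in the image before `tar` runs, for example `echo "<SHA512_OF_APACHE_MAVEN_3.8.4_BIN_TAR_GZ>  apache-maven-3.8.4-bin.tar.gz" | sha512sum -c - &&\` (the digest is a placeholder; take the real value from the release page). As far as I know downloads.apache.org only carries current releases, so this URL will probably stop resolving once 3.8.4 is superseded; archive.apache.org/dist keeps older versions and would make the build reproducible.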
diff --git a/cve-neo/cve-neo.iml b/cve-neo/cve-neo.iml
new file mode 100644
index 0000000..f9d9975
--- /dev/null
+++ b/cve-neo/cve-neo.iml
@@ -0,0 +1,14 @@ + + + + + + + + + + + + + + \ No newline at end of file
diff --git a/cve-web/files/home/user/log4j-shell-poc/vulnerable-application/src/main/java/com/example/log4shell/LoginServlet.java b/cve-web/files/home/user/log4j-shell-poc/vulnerable-application/src/main/java/com/example/log4shell/LoginServlet.java
index 5c6aaf5..9d09aee 100644
--- a/cve-web/files/home/user/log4j-shell-poc/vulnerable-application/src/main/java/com/example/log4shell/LoginServlet.java
+++ b/cve-web/files/home/user/log4j-shell-poc/vulnerable-application/src/main/java/com/example/log4shell/LoginServlet.java
@@ -25,8 +25,10 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws S if(userName.equals("admin") && password.equals("password")){ out.println("Welcome Back Admin");
- }
- else{
+ Logger logger = LogManager.getLogger(com.example.log4shell.log4j.class);
+ logger.info(userName);
+
+ }else{
 // vulnerable code Logger logger = LogManager.getLogger(com.example.log4shell.log4j.class);
diff --git a/docker-compose.yml b/docker-compose.yml
index e2b3a5e..7312c5a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -31,7 +31,7 @@ services: environment: - POC_ADDR=172.16.238.11 - POC_PORT=80
- - LISTENER_ADDR=10.10.10.31
+ - LISTENER_ADDR=192.168.1.121
 - LISTENER_PORT=9001 networks: cve-net:
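Review bot: In LoginServlet.java, the success branch of `doPost` now repeats the `LogManager.getLogger(com.example.log4shell.log4j.class)` lookup that the `else` branch already performs, so the same logger is fetched in two places on every request. One field, `private static final Logger LOGGER = LogManager.getLogger(com.example.log4shell.log4j.class);`, would serve both branches. This branch is only reached when `userName` equals `"admin"`, so `logger.info(userName)` records a constant; a comment such as `// fixed value here; the deliberately unsafe log call is in the branch marked "vulnerable code"` would stop readers of the demo from mistaking it for the sink. `doPost` starts and ends outside the hunk, so the rest of the else branch is not visible here.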
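Review bot: `LISTENER_ADDR=192.168.1.121` in the docker-compose.yml hunk replaces one machine-specific private address with another, so on any other network the demo container will presumably try to connect to whichever host owns that address there. Reading the value from the environment makes the target explicit and fails fast when it is unset: `- LISTENER_ADDR=${LISTENER_ADDR:?set LISTENER_ADDR to the docker host IP}`. The README steps changed in the first patch would then need one line telling the user to export the variable before `docker-compose up`.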