From 02864c971cab9f4335809a9e198419c52a9ad390 Mon Sep 17 00:00:00 2001
From: bmvermeer <brianvermeer@snyk.io>
Date: Tue, 4 Jan 2022 16:09:25 +0100
Subject: [PATCH] specified exec plugin in pomfile with startup class, no need
 to give it as argument.

---
 log4shell-goof/README.md                |  6 +++---
 log4shell-goof/log4shell-client/pom.xml | 14 ++++++++++++++
 log4shell-goof/log4shell-server/pom.xml |  9 +++++++++
 3 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/log4shell-goof/README.md b/log4shell-goof/README.md
index 8f6b28bda6..bee3fc6311 100644
--- a/log4shell-goof/README.md
+++ b/log4shell-goof/README.md
@@ -41,7 +41,7 @@ Java class that will be deserialized and executed.
 
 The HTTP server listens on port `8000` and responds to any request with a byte array that is the `Evil.class`.
 
-`Evil` implements `ObjecFactory` which the JNDI mechanism hooks into to execute its `getObjectInstance` method. While
+`Evil` implements `ObjectFactory` which the JNDI mechanism hooks into to execute its `getObjectInstance` method. While
 the method simply returns `null`, it uses `Runtime` to execute arbitrary code on the host machine. In this case, it
 writes to a file called: `/tmp/pwned` to prove that it _could_ execute basically anything available on the machine.
 
@@ -51,7 +51,7 @@ Open a terminal window and run the following:
 
 ```
 cd log4shell-server
-mvn exec:java -Dexec.mainClass="Server"
+mvn exec:java
 ```
 
 You should see output that looks like the following:
@@ -67,7 +67,7 @@ In another terminal window, run the following:
 ```
 cd log4shell-client
 JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home \
-mvn exec:java -Dexec.mainClass="Main"
+mvn exec:java
 ```
 
 **NOTE:** Referencing `JAVA_HOME` is important as the exploit only fully works with older JDK versions.
diff --git a/log4shell-goof/log4shell-client/pom.xml b/log4shell-goof/log4shell-client/pom.xml
index 26e8a05bd9..3d3e211cca 100644
--- a/log4shell-goof/log4shell-client/pom.xml
+++ b/log4shell-goof/log4shell-client/pom.xml
@@ -31,4 +31,18 @@
       <version>2.14.1</version>
     </dependency>
   </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>exec-maven-plugin</artifactId>
+        <version>3.0.0</version>
+        <configuration>
+          <mainClass>Main</mainClass>
+          <cleanupDaemonThreads>false</cleanupDaemonThreads>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
 </project>
diff --git a/log4shell-goof/log4shell-server/pom.xml b/log4shell-goof/log4shell-server/pom.xml
index d502a27d12..1976ac44ba 100644
--- a/log4shell-goof/log4shell-server/pom.xml
+++ b/log4shell-goof/log4shell-server/pom.xml
@@ -47,6 +47,15 @@
           </descriptorRefs>
         </configuration>
       </plugin>
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>exec-maven-plugin</artifactId>
+        <version>3.0.0</version>
+        <configuration>
+          <mainClass>Server</mainClass>
+          <cleanupDaemonThreads>false</cleanupDaemonThreads>
+        </configuration>
+      </plugin>
     </plugins>
   </build>
 </project>