progS1m

## log4shell-payloads.md

      
              1 file
            
          
              3 forks
            
          
                1 comment
              
            
              9 stars
            
          
                righettod
                / log4shell-payloads.md
            
            
              Last active
              December 18, 2023 06:41
            
              
                List of log4shell payloads seen on my twitter feeds
              
          
    Objective

This gist gather a list of log4shell payloads seen on my twitter feeds.
💨 I will update it every time I see new payloads.
The goal is to allows testing detection regexes defined in protection systems.
⚠️ ⚠️  ⚠️

  
## gist:7df1a7175e580b4266c8ba1f7606ed7e
HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldap") ||
HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldaps") ||
HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:rmi") ||
HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:dns") ||
HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldap") ||
HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldaps") ||
HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:rmi") ||
HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:dns") ||
HTTP.REQ.BODY(50000).SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldap") ||
HTTP.REQ.BODY(50000).SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldaps") ||

## kubectl-snippet.toml
# Reference source snippets

[[snippets]]
  description = "Reference Cheat Sheet"
  command = "start https://kubernetes.io/docs/reference/kubectl/cheatsheet/"
  tag = ["reference"]
  output = ""


# Setup snippets

## keystroke the clipboard extended.workflow
# Why?
# To paste text into windows that normally don't allow it or have access to the clipboard.
# Examples: Virtual machines that do not yet have tools installed, websites that hijack paste
#
# Extended vs Simple?
# * Includes an initial delay to allow you to change active windows
# * Adds small delay between keypresses for slower responding windows like SSH sessions
# * Better handling of numbers
# * VMWare bug fix
#

## download and build git
cd /tmp
wget -O git.zip https://github.com/git/git/archive/master.zip
unzip git.zip
cd git-*

sudo apt-get install make autoconf libcurl4-gnutls-dev gettext gcc zlib1g-dev

make configure
./configure --prefix=/usr --without-tcltk
make all
	HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldap") \|\|
	HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldaps") \|\|
	HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:rmi") \|\|
	HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:dns") \|\|
	HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldap") \|\|
	HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldaps") \|\|
	HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:rmi") \|\|
	HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:dns") \|\|
	HTTP.REQ.BODY(50000).SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldap") \|\|
	HTTP.REQ.BODY(50000).SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldaps") \|\|
	# Reference source snippets

	[[snippets]]
	description = "Reference Cheat Sheet"
	command = "start https://kubernetes.io/docs/reference/kubectl/cheatsheet/"
	tag = ["reference"]
	output = ""


	# Setup snippets
	# Why?
	# To paste text into windows that normally don't allow it or have access to the clipboard.
	# Examples: Virtual machines that do not yet have tools installed, websites that hijack paste
	#
	# Extended vs Simple?
	# * Includes an initial delay to allow you to change active windows
	# * Adds small delay between keypresses for slower responding windows like SSH sessions
	# * Better handling of numbers
	# * VMWare bug fix
	#
	cd /tmp
	wget -O git.zip https://github.com/git/git/archive/master.zip
	unzip git.zip
	cd git-*

	sudo apt-get install make autoconf libcurl4-gnutls-dev gettext gcc zlib1g-dev

	make configure
	./configure --prefix=/usr --without-tcltk
	make all