rootkiter rootkiter

## 20211210-TLP-WHITE_LOG4J.md

      
              1 file
            
          
              94 forks
            
          
              764 comments
            
          
              1091 stars
            
          
                SwitHak
                / 20211210-TLP-WHITE_LOG4J.md
            
            
              Last active
              April 26, 2024 07:30
            
              
                BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
              
          
    Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
Errors, typos, something to say ?


If you want to add a link, comment or send it to me
Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources


Royce Williams list sorted by vendors responses Royce List
Very detailed list NCSC-NL
The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List


## poc.c
/*
Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab
use it on macOS: cc poc.c -o poc while True; do ./poc ; done
*/

#include <errno.h>
#include <signal.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>

## wcr.py
import re
import os,sys
import pefile
import struct
import zipfile
import hashlib
import StringIO
from Crypto import Random
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5,AES

## Email
begin 777 portal.bin
M(R!796QC;VUE#0H-"B,C($ME>0T*#0I24T$@4'5B;&EC($ME>3H@*$XL(#<I
M#0I.(#T@,C,S("H@30T*32!I<R!T:&4@9W)E871E<W0@9F]U<BUD:6=I="!P
M<FEM92!T:&%T(&UA:V5S($X@96YD('=I=&@@,C,S#0H-"B,C($5N8W)Y<'1E
M9"!!=61I="!142!G<F]U<"!N=6UB97(-"@T*5&AE($%U9&ET(%%1(&=R;W5P
M(&YU;6)E<B!I<R!E;F-R>7!T960@=VET:"!T:&4@*BI24T$@4'5B;&EC($ME
M>2HJ+@T*#0I@8&`-"D-/3D-!5"A$14-265!4*#$Y-S,W,BDN=&]3=')I;F<H
M*2P@1$5#4EE05"@S,S,P-SDI+G1O4W1R:6YG*"DI#0I@8&`-"@T*(R!#05!4
M0TA!#0I5<V4@=&AI<R!G:7-T(')E=FES:6]N(&`W9#(S939E.3DY-&)B-F9A
M93@W-&1A8C,U930V9F0W-6(Y9&0Q-6)E8"!R97-U;'0@87,@0T%05$-(02X-
	/*
	Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab
	use it on macOS: cc poc.c -o poc while True; do ./poc ; done
	*/

	#include <errno.h>
	#include <signal.h>
	#include <fcntl.h>
	#include <stdio.h>
	#include <stdlib.h>
	import re
	import os,sys
	import pefile
	import struct
	import zipfile
	import hashlib
	import StringIO
	from Crypto import Random
	from Crypto.PublicKey import RSA
	from Crypto.Cipher import PKCS1_v1_5,AES
	begin 777 portal.bin
	M(R!796QC;VUE#0H-"B,C($ME>0T#0I24T$@4'5B;&EC($ME>3H@$XL(#<I
	M#0I.(#T@,C,S("H@30T*32!I<R!T:&4@9W)E871E<W0@9F]U<BUD:6=I="!P
	M<FEM92!T:&%T(&UA:V5S($X@96YD('=I=&@@,C,S#0H-"B,C($5N8W)Y<'1E
	M9"!!=61I="!142!G<F]U<"!N=6UB97(-"@T*5&AE($%U9&ET(%%1(&=R;W5P
	M(&YU;6)E<B!I<R!E;F-R>7!T960@=VET:"!T:&4@*BI24T$@4'5B;&EC($ME
	M>2HJ+@T#0I@8&`-"D-/3D-!5"A$14-265!4#$Y-S,W,BDN=&]3=')I;F<H
	M2P@1$5#4EE05"@S,S,P-SDI+G1O4W1R:6YG"DI#0I@8&`-"@T*(R!#05!4
	M0TA!#0I5<V4@=&AI<R!G:7-T(')E=FES:6]N(&`W9#(S939E.3DY-&)B-F9A
	M93@W-&1A8C,U930V9F0W-6(Y9&0Q-6)E8"!R97-U;'0@87,@0T%05$-(02X-