You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
| package main | |
| import ( | |
| "log" | |
| "log/syslog" | |
| ) | |
| func main() { | |
| logwriter, e := syslog.Dial("tcp","123.123.123.123:12345", syslog.LOG_DEBUG, "your.software.identifier") | |
| if e != nil { |
| # Python3 class for RADIUS authentication | |
| # Based loosely on code found at: http://github.com/btimby/py-radius/ | |
| # Copyright (c) 2015, Justin W. Smith <justin.w.smith@gmail.com> | |
| # Copyright (c) 1999, Stuart Bishop <zen@shangri-la.dropbear.id.au> | |
| # All rights reserved. | |
| # | |
| # Redistribution and use in source and binary forms, with or without | |
| # modification, are permitted provided that the following conditions are | |
| # met: |
People
 :bowtie: |
😄 :smile: |
😆 :laughing: |
|---|---|---|
😊 :blush: |
😃 :smiley: |
:relaxed: |
😏 :smirk: |
😍 :heart_eyes: |
😘 :kissing_heart: |
😚 :kissing_closed_eyes: |
😳 :flushed: |
😌 :relieved: |
😆 :satisfied: |
😁 :grin: |
😉 :wink: |
😜 :stuck_out_tongue_winking_eye: |
😝 :stuck_out_tongue_closed_eyes: |
😀 :grinning: |
😗 :kissing: |
😙 :kissing_smiling_eyes: |
😛 :stuck_out_tongue: |
| # coding=utf-8 | |
| """ | |
| LICENSE http://www.apache.org/licenses/LICENSE-2.0 | |
| """ | |
| import datetime | |
| import sys | |
| import time | |
| import threading | |
| import traceback | |
| import SocketServer |
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000