• MobileIron Core Unauthenticated JNDI Injection RCE (via Log4Shell)
    Disclosure Date: 2021-12-12
    First seen: 2022-12-23
    exploit/linux/http/mobileiron_core_log4shell
    MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This module will start an LDAP server that the target will need to connect to. Authors: - Spencer McIntyre - RageLtMan <rageltman@sempervictus> - rwincey - jbaines-r7
  • Log4Shell HTTP Scanner
    Disclosure Date: 2021-12-09
    First seen: 2022-12-23
    auxiliary/scanner/http/log4shell_scanner
    Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP endpoint for the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit. This module is a generic scanner and is only capable of identifying instances that are vulnerable via one of the pre-determined HTTP request injection points. These points include HTTP headers and the HTTP request path. Known impacted software includes Apache Struts 2, VMware vCenter, Apache James, Apache Solr, Apache Druid, Apache JSPWiki, Apache OFBiz. Authors: - Spencer McIntyre - RageLtMan <rageltman@sempervictus>
  • VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell)
    Disclosure Date: 2021-12-09
    First seen: 2022-12-23
    exploit/multi/http/vmware_vcenter_log4shell
    VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux virtual appliance and SYSTEM on Windows. This module will start an LDAP server that the target will need to connect to. This exploit uses the logon page vector. Authors: - Spencer McIntyre - RageLtMan <rageltman@sempervictus> - jbaines-r7 - w3bd3vil
  • Log4Shell HTTP Header Injection
    Disclosure Date: 2021-12-09
    First seen: 2022-12-23
    exploit/multi/http/log4shell_header_injection
    Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will exploit an HTTP endpoint with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an HTTP server in addition to the LDAP server that the target can connect to. The targeted application must have the trusted code base option enabled for this technique to work. The non-Automatic targets deliver a payload via a serialized Java object. This does not require Metasploit to run an HTTP server and instead leverages the LDAP server to deliver the serialized object. The target application in this case must be compatible with the user-specified JAVA_GADGET_CHAIN option. Authors: - Michael Schierl - juan vazquez <juan.vazquez@metasploit.com> - sinn3r <sinn3r@metasploit.com> - Spencer McIntyre - RageLtMan <rageltman@sempervictus>
  • UniFi Network Application Unauthenticated JNDI Injection RCE (via Log4Shell)
    Disclosure Date: 2021-12-09
    First seen: 2022-12-23
    exploit/multi/http/ubiquiti_unifi_log4shell
    The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server via the 'remember' field of a POST request to the /api/login endpoint that will cause the server to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the server application. This module will start an LDAP server that the target will need to connect to. Authors: - Spencer McIntyre - RageLtMan <rageltman@sempervictus> - Nicholas Anastasi
5 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit the Metasploit web site for more details.