diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..786e5c4
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine:3.16.3
+
+COPY . /usr/src/poc
+WORKDIR /usr/src/poc
+RUN mvn clean && mvn package
+USER m3
+HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1
+
+
+CMD ["java", "-jar", "/usr/src/poc/target/log4j-rce-1.0-SNAPSHOT-jar-with-dependencies.jar"]
\ No newline at end of file
diff --git a/ec2.tf b/ec2.tf
new file mode 100644
index 0000000..251e1ee
--- /dev/null
+++ b/ec2.tf
@@ -0,0 +1,71 @@
+provider "aws" {
+ region = "us-west-2"
+}
+
+resource "aws_instance" "example" {
+ ami = "encrypted_ami_id"
+ instance_type = "t2.micro"
+ key_name = "example_keypair"
+ subnet_id = "example_subnet_id"
+ vpc_security_group_ids = ["example_security_group_id"]
+ associate_public_ip_address = false
+
+ iam_instance_profile {
+ name = "example"
+ }
+
+ root_block_device {
+ encrypted = true
+ }
+
+ launch_template {
+ id = aws_launch_template.example.id
+ }
+
+ metadata_options {
+ http_endpoint = "enabled"
+ http_tokens = "required"
+ }
+ ebs_optimized = true
+}
+
+
+
+
+
+resource "aws_launch_template" "example" {
+ name = "example"
+
+ user_data = < index.html
+ nohup python -m SimpleHTTPServer 80 &
+ export access_key = "AKIAIOSFODNN7EXAMAAA"
+ export secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMAAAKEY"
+ EOF
+
+ root_block_device {
+ volume_type = "gp2"
+ volume_size = 10
+ encrypted = false
+ }
+
+ ebs_block_device {
+ device_name = "/dev/xvdf"
+ volume_type = "gp2"
+ volume_size = 10
+ encrypted = true
+ }
+
+ iam_instance_profile {
+ name = "example"
+ }
+
+ metadata_options {
+ http_endpoint = "enabled"
+ http_tokens = "required"
+ }
+
+ image_id = "encrypted_ami_id"
+ instance_type = "t2.micro"
+}
\ No newline at end of file
diff --git a/log4j.yaml b/log4j.yaml
new file mode 100644
index 0000000..554cd80
--- /dev/null
+++ b/log4j.yaml
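Review bot: In Dockerfile, `RUN mvn clean && mvn package` runs on a bare `alpine:3.16.3` base with nothing installed, so no Maven or JDK is available at build time, and the `java` in `CMD` and the `curl` in `HEALTHCHECK` are missing as well. `USER m3` names an account that no earlier instruction creates, so the container would fail to start unless that user comes from somewhere not shown. `COPY .` also pulls the whole context into the image, including `ec2.tf` with its embedded keys, unless a `.dockerignore` excludes it. The fence below installs the toolchain and creates the account; the JDK package is an assumed choice, and a two-stage build that ships only the jar would keep the build tools out of the runtime image.

```dockerfile
FROM alpine:3.16.3

# Toolchain for the build, curl for HEALTHCHECK, and the account USER refers to.
# openjdk11 is an assumed choice; use the JDK the project targets.
RUN apk add --no-cache curl maven openjdk11 \
    && addgroup -S m3 \
    && adduser -S -G m3 m3

COPY --chown=m3:m3 . /usr/src/poc
WORKDIR /usr/src/poc
USER m3
RUN mvn clean package
# … unchanged: HEALTHCHECK and CMD …
```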
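Review bot: In ec2.tf, the `user_data` script of `aws_launch_template.example` exports `access_key` and `secret_key` as literals, which places long-lived AWS credentials in version control, in Terraform state and in the instance's user data, where any process that can read instance metadata can retrieve them. Both resources already attach `iam_instance_profile`, so drop the two `export` lines and let the instance obtain role credentials; if the values were ever real, rotate them. In the same resource `root_block_device` sets `encrypted = false` while the instance resource and the `/dev/xvdf` volume set `true`; make it `encrypted = true`. The opening of the heredoc is not visible in this hunk as rendered, so the rest of the script could not be reviewed.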
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: privileged-pod
+ namespace: my-namespace
+spec:
+ automountServiceAccountToken: false
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: bad-pod
+ image: alpine:3.16.3
+ imagePullPolicy: Always
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "0.5"
+ requests:
+ memory: "64Mi"
+ cpu: "0.5"
+ livenessProbe:
+ httpGet:
+ path: /index.html
+ port: 80
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 3
+ securityContext:
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 20000
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readinessProbe:
+ httpGet:
+ path: /index.html
+ port: 80
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 2
+ successThreshold: 1
+ failureThreshold: 3
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..d62d380
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,54 @@
+
+
+ 4.0.0
+
+ org.example
+ log4j-rce
+ 1.0-SNAPSHOT
+ jar
+
+
+
+ org.apache.logging.log4j
+ log4j-core
+ 2.14.1
+
+
+
+
+ org.apache.logging.log4j
+ log4j-api
+ 2.14.1
+
+
+
+
+
+
+
+ maven-assembly-plugin
+
+
+
+ MyExample
+
+
+
+ jar-with-dependencies
+
+
+
+
+ make-assembly
+ package
+
+ single
+
+
+
+
+
+
+
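Review bot: In log4j.yaml, the container `securityContext` sets `privileged: true` next to `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and a `capabilities` drop of `ALL`. A privileged container gets full capability and host device access, which cancels the other hardening, and the API server rejects the `privileged: true` with `allowPrivilegeEscalation: false` combination at validation. Change the line to `privileged: false` or remove the key. Both probes target port 80, but the container declares no `command`, `args` or `ports`, so confirm what is expected to answer `/index.html` as UID 20000.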
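Review bot: In pom.xml, `log4j-core` and `log4j-api` are pinned to 2.14.1, a release affected by CVE-2021-44228 (Log4Shell). Given the artifact id `log4j-rce` the pin looks deliberate; if so, say that beside the dependency, e.g. `<!-- deliberately pinned to a Log4Shell-affected release for the demo; do not reuse this POM -->`, so nobody copies the coordinates into a real build. If it is not deliberate, move both artifacts to 2.17.1 or later. The XML markup of this hunk did not survive rendering, so element placement is inferred.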