Minecraft hacking with PYTHON and Log4j // Netcat reverse shell exploiting CVE

Video Statistics and Information

Captions
Now, please note: what I'm sharing here is for educational purposes only, and to make you aware of the problems with this zero-day attack on Log4j. Make sure that you don't run old versions of the software, because it can be manipulated and people can take control of your servers using the software, as I'll demonstrate in this video.

In this video I'm going to show you how to leverage the Log4j zero-day vulnerability to attack a Minecraft server and take control of that Minecraft server. Now, to make this easier, I've created two Python scripts. You can literally clone my GitHub, run two Python scripts, and you'll be able to rickroll people using the code on my GitHub page. There's also more advanced code which allows you to take control of that server using Netcat reverse shells.

I'd like to show you how dangerous the zero-day vulnerability is. It requires no authentication to leverage. You can simply type a command into the chat window on a Minecraft server, and if that server is using a vulnerable version of Log4j, you can take control of that server, execute remote code, or execute a reverse shell connection and take control of the server. Very, very scary. It's really, really important that you update your software so that you're no longer using old versions of Java, no longer using old versions of Log4j. Now, some people have discovered that even later versions of Java are susceptible to this attack, so just updating your Java is not enough. You need to make sure that your Log4j software is up to date.

This is what my topology looks like. I've got a Windows 11 computer running Minecraft over here. It's connected via Wi-Fi to my home router. I'm going to be running a Minecraft client on my Mac. The Minecraft client is also connected to my home router via Wi-Fi. And what I can do, as an example, is start Minecraft. So if I connect to my local Minecraft server, I'll be able to enter a simple command in the chat on this Minecraft server that causes the Minecraft server to make a connection
using LDAP to my hacking server on the internet, which then allows me to redirect that to malicious Java code, which then allows me to do things on the Minecraft server.

Now, I really want to thank John Hammond, who created a video showing this attack. His video, however, shows you the process manually. There are a lot of steps to get this working, so to make this much easier we've created two Python scripts which you can get from my GitHub page. I'll show you in a moment how to do the full installation to get this to work, but in this example my hacking server is hosted on Linode, who are sponsoring this video. You can use my link below or the code David Bombal to get a hundred dollars so that you can run servers for free. This server costs five dollars a month to run. I'll show you the whole process of setting this up in a moment, but for now, here's my Linode server. It has IP address 139.162.246.75.

What I'm going to do here is start two simple Python scripts: python3 log4j and the IP address of my server, and then I'll start another Python script, python3 jcomp pi server py. So all I need to do here is run two commands on my Python server to start this attack. The Python scripts will check if you've got the required software. If you don't have the required software on your Linux server, it will download that and install it, set all the settings and make sure that the code works. We're running two servers here, an LDAP server and an HTTP server. We need the LDAP server because that's how we're going to use this zero-day attack on the Minecraft server, and we need an HTTP server to serve the malicious Java code.

Okay, so I'm connecting to my Minecraft server from my Mac. The Minecraft client is running on the Apple M1 Mac mini in front of me, and the server is running on a Windows VM on this Mac here. I'm connecting to that, and all I'm going to do is enter this command in the chat, and we should see something happen on the Minecraft server. So what I'll do is show the connections to the hacking server
so that you can see what happens. And in Minecraft I'm going to connect to the server. You can see in the log that I've connected. I'll press T so that I can type something in the chat, and I'll enter that command. So press Enter. We can see the connections to the servers, we can see something happening on the server here, and there you go, I've been able to rickroll you. It actually opens up Chrome twice in this example, so for this attack to work I'd need Chrome installed on the Minecraft server. This is just one example, and I'll show you a reverse shell example in a moment.

I'll go back to the client and I'll paste the command in the chat window once again. Something happens on the servers. Notice there's a connection to the LDAP server, there's a connection to the HTTP server, and there you go, I've been able to rickroll you once again. In this example I got it to open up Chrome and go to a specific place on the internet, but I could get it to do all kinds of things. This is a very simple demonstration.

Okay, so now let me show you a reverse shell. In this example the hacking device is actually running locally within a VM. So on this Mac I've got two VMs here: I've got my Windows VM, but I've also got a Kali, or Kali Linux if you prefer, VM. So I'll log into my Kali server. I've run my two Python scripts. Here's the first one that's running the HTTP server; you can see it's listening on port quadruple 8 in this example. Here I've got the LDAP server listening on port 1389, and I've got a Netcat server listening on port 81.
You can have a look at John's video if you want to see how to set up a reverse shell connection in more detail.

Okay, so in this example I'm not connecting to this IP address on the internet. I'm going to connect to a local VM running on my machine, so my Kali virtual machine, but you could run this on the internet if you preferred, as I've demonstrated. Okay, so in the Minecraft chat I'm going to paste that command in. Rather than connecting to a server on the internet, I'm going to connect to the local server. So press Enter, and what you'll notice now is, rather than this showing Linux, it's actually showing c users david desktop paper.

What's happened here is my client running on my Mac has sent a command to the server through chat. This initiated a connection to the LDAP server, connected to the HTTP server, ran some malicious Java code, initiated a connection to Netcat, which gives me a reverse shell connection to that server. So whatever I type now on my Linux server is going to affect that Minecraft server.

So let's take a simple command such as whoami, and I'll paste that into the server. Notice I am 11 test one David. That's the user account that I've used to log into the Windows computer. Let's run a rickroll, so I'll paste that in, and on my Windows computer I've been able to rickroll you once again. So I'll close that on the Windows server, and while that's visible I'll run some commands such as notepad, just to make the point that I can run commands directly on the Windows server. Paste that in. Notice Notepad has started on the Minecraft server. And let's start Windows Calculator as an example, so calc, and I'll paste that command in there, and what we should see is Calculator has started on Windows.

So in this example I've got remote control of this Minecraft server from my hacking Linux machine. I can send commands to the Minecraft server and get it to do all kinds of things. I could install a backdoor, I could install other malicious software on that server. I am controlling it from my
Linux server, which once again could be hosted in the cloud. In this example my server is hosted by Linode, but you could host it in AWS or Azure or somewhere else.

Now, to make this easier for you, I've got this running on my GitHub page. I'm going to show you now how to set up a brand new server on Linode, how to clone the GitHub to that server, and how to run these Python scripts to replicate what I've done now. So on my GitHub I've got a log4j, and in the readme I have given you the commands. We are once again not encouraging or promoting illegal activities. This information is for educational purposes only. What you need to do is very simple: you need to clone the GitHub repository, you need to run two Python scripts, and you'll be able to replicate what I've demonstrated here. My team and I have spent a lot of time putting this code together, taking the great work of John and others and putting it together in a simple Python script.

So on Linode I'm going to go to the Linodes, which are my VMs. I'm going to create a new Linode. I'm going to specify in this example Ubuntu 20.04 LTS. I'm going to run the server in the UK, but you could run it somewhere else. I'm going to use a shared CPU. I only need a small VM to run this attack, and I'm going to click Create Linode. I need to specify a password, so I need to give it a name, so let's call this demo log4j, specify my password and click Create Linode. That will create the server.

Now, Linode makes this easy. You need to SSH to the server, so I'm going to copy that, and what I'll do is exit out of my current Linode servers. So back on my Mac mini I'm going to SSH to the server. I've got two separate SSH connections. Now, as usual, I can't wait for this to start up. I need to wait a bit for that to start and then I'll be able to connect to the server. I'll paste my password in on this side, paste my password in, and I'm logged in. So at the moment no files are installed. So from my GitHub page all you need to do is copy this command, so git clone, and paste that in,
and what we'll have now is a directory called log for minecraft. I'll go into that directory, and what you'll see is that there are two Python scripts. I'm going to type python3 log4jpy, and notice we are told that we need to specify the IP address of the server that we are using. So the IP address of the server is this one here. Going back to Linode, you can see that is the IP address of the server that I've just created. So I need to specify 139.162.203.25 on my python3 log4j command, and what that will do now is connect to various repositories on the internet and download and install the relevant software. You need to say yes to install the software, and that will now continue.

While that's installing, I'll log into the second prompt that failed. So I'll log back in. Notice I'm logged in. ls shows me I've got that directory. I'll go into that directory, and what I'll do now is type python3 jcomp pi server py. What that does is it compiles the Python code in the poc directory and starts a web server. So just to show you that, if I go into the poc directory, ls, what you'll see is we've got a class file and a Java file. The Java file is the uncompiled code. So if I look at that Java file, here is the code that's going to be run. This output here is actually going to start the rickroll, but you could substitute that with notepad or something else. So between these two quotes you could replace that output with something like notepad, and I'll demonstrate that in a moment.

But let's run that script again, because the other script has completed. You can see the server is listening on port 1389 on this side. I need to go back a directory and type python 3 jcom pi server py. So the server is listening on port quadruple 8, LDAP is listening over there, my Minecraft server is running, and what I'll do now is go back to my game. Before I do that I need my command. So in this example I need to change the IP address of the server to 139.162.203.25, as you can see over here. So this is the IP address of my
Linode server, so I'll copy that. So in Minecraft, back to the game, press T, press Ctrl+V. Now, I might need to start that Minecraft server again because of the reverse shell. So in Kali let me break that reverse shell. So I'll close that reverse shell down and I'll start the Minecraft server again. Basically, my reverse shell was controlling the server, so things weren't working properly. So I'll start the Minecraft server again, connect to the Minecraft server from my client, press T, and I'll paste the command in. So that's the command. Paste that in. What we should see is a connection to the LDAP server, a connection to the HTTP server, and then something should happen, assuming that I've done it right. There you go, something happened there. You can see something's happening on the Minecraft server, and there you go, on my brand new Linode server, so the one that I've just created.

I showed you how to create a new server on Linode, I showed you how to clone my GitHub page, and I showed you how easy it was to do this attack by just running two simple Python scripts on the new server that I created. Hopefully you enjoyed this video. Hopefully it made you aware of the vulnerability with Log4j and why it's important to update your systems. If you did enjoy this video, please like it, please consider subscribing to my YouTube channel and clicking on the bell to get notifications. That really does help me with the YouTube robots, and it also helps you, as you know when I upload new content to my YouTube channel. I'm David Bombal, and I want to wish you all the very best.
Info
Channel: David Bombal
Views: 17,951
Keywords: minecraft, log4j, python, cve, minecraft log4j, log4j exploit, java exploit, log4j vulnerability, minecraft exploit, log4j exploit minecraft, log4j exploit poc, minecraft exploit client, log4j2 exploit minecraft, minecraft exploit log4j, java exploit log4j, log4j exploit example, log4j exploit poc github, minecraft 1.18, log4j exploit explained, log4j issue, log4j minecraft, log4j attack, minecraft java exploit, log4j tutorial in java, minecraft log4j exploit
Id: efnluUK_w_U
Length: 16min 13sec (973 seconds)
Published: Fri Dec 17 2021