Log4j vulnerability in Parrot

Hi

I ran a script that checks if the log4j vulnerability is present in Parrot OS. Turns out that there are several places where there is still log4j 2.14 installed even when I have upgraded the system.

sudo ./log4j_checker_beta.sh
[sudo] password for …:
[INFO] using default hash file. If you want to use other hashes, set another URL as first argument
--2021-12-24 15:45:24-- https://raw.githubusercontent.com/rubo77/log4j_checker_beta/main/hashes-pre-cve.txt
Resolving raw.githubusercontent.com (raw.githubusercontent.com)… 185.199.111.133, 185.199.110.133, 185.199.109.133, …
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 3334 (3,3K) [text/plain]
Saving to: ‘/tmp/tmp.U4gBXngnJH_log4jscan/vulnerable.hashes.in’

/tmp/tmp.U4gBXngnJH 100%[===================>] 3,26K --.-KB/s in 0s

2021-12-24 15:45:24 (21,1 MB/s) - ‘/tmp/tmp.U4gBXngnJH_log4jscan/vulnerable.hashes.in’ saved [3334/3334]

[INFO] Downloaded vulnerable hashes from https://raw.githubusercontent.com/rubo77/log4j_checker_beta/main/hashes-pre-cve.txt

[INFO] Looking for files containing log4j…
[INFO] using locate, which could be using outdated data. besure to have called updatedb recently
[WARNING] Maybe vulnerable, those files contain the name:
/usr/share/javasnoop/lib/log4j-1.2.16.jar
/usr/share/javasnoop/working/log4j.xml
/usr/share/zaproxy/lib/log4j-1.2-api-2.14.1.jar
/usr/share/zaproxy/lib/log4j-api-2.14.1.jar
/usr/share/zaproxy/lib/log4j-core-2.14.1.jar

[INFO] Checking installed packages: (solr|elastic|log4j)
[INFO] No dpkg packages found

[INFO] Checking if Java is installed…
[WARNING] Java is installed
[INFO] Java applications often bundle their libraries inside binary files,
[INFO] so there could be log4j in such applications.

[INFO] Analyzing JAR/WAR/EAR files…
[INFO] Also checking hashes

[WARNING] [2 - contains log4j files] /usr/lib/dbeaver/plugins/org.jkiss.bundle.gis_1.0.1/lib/cts-1.5.2.jar

[WARNING] [26 - contains log4j files] /usr/lib/dbeaver/plugins/org.apache.commons.logging_1.2.0.v20180409-1502.jar

[WARNING] [398 - contains log4j files] /usr/share/dirbuster/lib/commons-logging-1.1.1.jar

[WARNING] [401 - contains log4j files] /usr/share/dirbuster/lib/jericho-html-2.6.jar

[WARNING] [448 - contains log4j files] /usr/share/i2p/lib/jetty-i2p.jar

[WARNING] [634 - contains log4j files] /usr/share/javasnoop/lib/log4j-1.2.16.jar

[WARNING] [638 - contains log4j files] /usr/share/javasnoop/working/JavaSnoop.jar
.
[WARNING] [639 - contains log4j files] /usr/share/javasnoop/JavaSnoop.jar
.
[WARNING] [640 - contains log4j files] /usr/share/jsql-injection/jsql-injection.jar

[WARNING] [642 - contains log4j files] /usr/share/maltego/groovy/modules/ext/groovy.jar

[WARNING] [736 - contains log4j files] /usr/share/maltego/maltego-core-platform/modules/ext/commons-logging-1.1.1.jar

[WARNING] [882 - contains log4j files] /usr/share/maltego/maltego-ui/modules/ext/commons-logging-1.0.4.jar

[WARNING] [1283 - contains log4j files] /usr/share/zaproxy/lib/commons-logging-1.2.jar

[WARNING] [1294 - contains log4j files] /usr/share/zaproxy/lib/jericho-html-3.4.jar

[WARNING] [1298 - contains log4j files] /usr/share/zaproxy/lib/log4j-1.2-api-2.14.1.jar
.
[WARNING] [1299 - contains log4j files] /usr/share/zaproxy/lib/log4j-api-2.14.1.jar
.
[WARNING] [1300 - contains log4j files] /usr/share/zaproxy/lib/log4j-core-2.14.1.jar

[WARNING] [1301 - vulnerable binary classes] /usr/share/zaproxy/lib/log4j-core-2.14.1.jar

[WARNING] [1305 - contains log4j files] /usr/share/zaproxy/zap-2.11.0.jar
.
[INFO] Found 1306 files in unpacked binaries containing the string ‘log4j’ with 1 vulnerabilities
[WARNING] Found 1 vulnerabilities in unpacked binaries
[INFO] _________________________________________________

[WARNING] This script does not guarantee that you are not vulnerable, but is a strong hint.

Thank you for your report. All vulnerable packages are 3rd party tools. We are waiting for new updates from original developers.
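
The scan output above mixes "contains log4j files" hits (commons-logging, log4j 1.x, the API jar) with a single "vulnerable binary classes" hit on log4j-core. The following is an added example, not part of the original posts and not code from log4j_checker_beta: it triages an archive by checking for the `JndiLookup` class rather than the script's hash list, and the labels and function names are hypothetical.

```python
import io
import zipfile

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CORE_POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def triage(data, name):
    """Classify one archive (bytes) and any archives nested inside it."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(name, "unreadable", None)]
    findings = []
    with zf:
        names = sorted(zf.namelist())
        version = None
        if CORE_POM in names:  # Maven metadata shipped inside log4j-core
            for line in zf.read(CORE_POM).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        if JNDI_LOOKUP in names:
            findings.append((name, "log4j-core with JndiLookup", version))
        elif CORE_POM in names:
            findings.append((name, "log4j-core, JndiLookup removed", version))
        elif any(n.startswith("org/apache/log4j/") for n in names):
            findings.append((name, "log4j 1.x API classes (1.x jar or bridge)", None))
        elif any("log4j" in n.lower() for n in names):
            findings.append((name, "mentions log4j only", None))
        for n in names:  # fat jars bundle their libraries as nested archives
            if n.lower().endswith((".jar", ".war", ".ear")):
                findings += triage(zf.read(n), f"{name}!/{n}")
    return findings


def make_jar(entries):
    """Build an in-memory archive from {entry name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, content in entries.items():
            zf.writestr(entry, content)
    return buf.getvalue()


if __name__ == "__main__":
    core = make_jar({JNDI_LOOKUP: b"", CORE_POM: b"version=2.14.1\n"})
    fat = make_jar({"lib/log4j-core.jar": core, "app/Main.class": b""})
    for finding in triage(fat, "fat.jar"):
        print(finding)
```

To run it against a real file, pass `open(path, "rb").read()` and the path to `triage`; the reported version still has to be compared against the upstream project's fixed releases.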
