Log4j Tomcat Notes - richnadeau/Secure-Web-Application-CTF-Nadeau-Notter GitHub Wiki

This page contains all the documentation we had when trying to make our own Tomcat server.

Configuration with Vulnerable Tomcat Server

Installing Java

Begin by installing the default Java applications.

We will need these so that we can implement the vulnerable Log4j version later.

sudo apt update
sudo apt install default-jdk
java -version

This will likely be an older Java version, but that should not matter.

Installing the Tomcat server

A user is needed to run the Tomcat service. Create it with:

sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat

Now we can begin installing Tomcat:

cd /tmp
wget https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.3/bin/apache-tomcat-8.5.3.tar.gz

Alternatively, you can curl the website:

curl -O https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.3/bin/apache-tomcat-8.5.3.tar.gz

Extract the download into the /opt/tomcat/ directory (useradd -m above already created it, so -p keeps mkdir from failing):

sudo mkdir -p /opt/tomcat
tar -xf apache-tomcat-8.5.3.tar.gz
sudo mv apache-tomcat-8.5.3 /opt/tomcat/

Give the tomcat user and group ownership of the tree and make the startup scripts executable:

sudo chown -R tomcat: /opt/tomcat
sudo sh -c 'chmod +x /opt/tomcat/apache-tomcat-8.5.3/bin/*.sh'

Now we need to set up the unit file so that Tomcat runs as a service:

sudo nano /etc/systemd/system/tomcat.service

And paste this configuration:

[Unit]
Description=Tomcat 8.0 servlet container
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/default-java"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
Environment="CATALINA_BASE=/opt/tomcat/apache-tomcat-8.5.3"
Environment="CATALINA_HOME=/opt/tomcat/apache-tomcat-8.5.3"
Environment="CATALINA_PID=/opt/tomcat/apache-tomcat-8.5.3/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/apache-tomcat-8.5.3/bin/startup.sh
ExecStop=/opt/tomcat/apache-tomcat-8.5.3/bin/shutdown.sh
[Install]
WantedBy=multi-user.target

Start the server and check that it came up:

sudo systemctl daemon-reload
sudo systemctl start tomcat
sudo systemctl status tomcat

Assuming the Tomcat server is up and running, we can now enable the manager web interface.

sudo nano /opt/tomcat/apache-tomcat-8.5.3/conf/tomcat-users.xml

Add these lines at the bottom of the file, replacing the existing closing </tomcat-users> tag (use a password of your own in place of admin_password):

 <role rolename="admin-gui"/>
 <role rolename="manager-gui"/>
 <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
</tomcat-users>

After a restart (sudo systemctl restart tomcat) the new user can log in to the web interface at http://ip-address:8080/manager/html, with ip-address replaced by the server's address.

Installing Vulnerable Log4j!

Start by becoming root and navigating to the CATALINA_BASE lib directory:

sudo -i
cd /opt/tomcat/apache-tomcat-8.5.3/lib

Now create the log4j.properties file in this directory with the following contents (this is Log4j 1.x properties syntax, which is what the tomcat-juli-adapters bridge reads; Log4j 2 on its own is configured through log4j2.xml instead):

log4j.rootLogger = INFO, CATALINA

# Define all the appenders
log4j.appender.CATALINA = org.apache.log4j.DailyRollingFileAppender
log4j.appender.CATALINA.File = ${catalina.base}/logs/catalina
log4j.appender.CATALINA.Append = true
log4j.appender.CATALINA.Encoding = UTF-8
# Roll-over the log once per day
log4j.appender.CATALINA.DatePattern = '.'yyyy-MM-dd'.log'
log4j.appender.CATALINA.layout = org.apache.log4j.PatternLayout
log4j.appender.CATALINA.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

log4j.appender.LOCALHOST = org.apache.log4j.DailyRollingFileAppender
log4j.appender.LOCALHOST.File = ${catalina.base}/logs/localhost
log4j.appender.LOCALHOST.Append = true
log4j.appender.LOCALHOST.Encoding = UTF-8
log4j.appender.LOCALHOST.DatePattern = '.'yyyy-MM-dd'.log'
log4j.appender.LOCALHOST.layout = org.apache.log4j.PatternLayout
log4j.appender.LOCALHOST.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

log4j.appender.MANAGER = org.apache.log4j.DailyRollingFileAppender
log4j.appender.MANAGER.File = ${catalina.base}/logs/manager
log4j.appender.MANAGER.Append = true
log4j.appender.MANAGER.Encoding = UTF-8
log4j.appender.MANAGER.DatePattern = '.'yyyy-MM-dd'.log'
log4j.appender.MANAGER.layout = org.apache.log4j.PatternLayout
log4j.appender.MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

log4j.appender.HOST-MANAGER = org.apache.log4j.DailyRollingFileAppender
log4j.appender.HOST-MANAGER.File = ${catalina.base}/logs/host-manager
log4j.appender.HOST-MANAGER.Append = true
log4j.appender.HOST-MANAGER.Encoding = UTF-8
log4j.appender.HOST-MANAGER.DatePattern = '.'yyyy-MM-dd'.log'
log4j.appender.HOST-MANAGER.layout = org.apache.log4j.PatternLayout
log4j.appender.HOST-MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

log4j.appender.CONSOLE = org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.Encoding = UTF-8
log4j.appender.CONSOLE.layout = org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern = %d [%t] %-5p %c- %m%n

# Configure which loggers log to which appenders
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost] = INFO, LOCALHOST
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager] =\
  INFO, MANAGER
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager] =\
  INFO, HOST-MANAGER

Download and unpack Log4j 2.11.1:

cd /home
sudo wget https://archive.apache.org/dist/logging/log4j/2.11.1/apache-log4j-2.11.1-bin.tar.gz
gunzip apache-log4j-2.11.1-bin.tar.gz
tar -xvf apache-log4j-2.11.1-bin.tar

Configuring Tomcat to use Log4j

The commands below reference apache-tomcat-8.0.53 rather than the 8.5.3 tree installed above, and the tomcat-juli extras they fetch are the v8.0.53 builds; either install that release or adjust every path to the CATALINA_HOME you actually have and fetch matching extras. The jar names must also match the 2.11.1 release that was downloaded.

# copy the Log4j 2 jars (all from the 2.11.1 bundle) into Tomcat's lib
cp /home/apache-log4j-2.11.1-bin/log4j-api-2.11.1.jar /opt/tomcat/apache-tomcat-8.0.53/lib
cp /home/apache-log4j-2.11.1-bin/log4j-core-2.11.1.jar /opt/tomcat/apache-tomcat-8.0.53/lib
cp /home/apache-log4j-2.11.1-bin/log4j-appserver-2.11.1.jar /opt/tomcat/apache-tomcat-8.0.53/lib
# replace the stock tomcat-juli.jar with the full build from the extras
cd /opt/tomcat/apache-tomcat-8.0.53/bin
rm tomcat-juli.jar
wget https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.53/bin/extras/tomcat-juli.jar
cd /opt/tomcat/apache-tomcat-8.0.53/lib
wget https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.53/bin/extras/tomcat-juli-adapters.jar
# move the java.util.logging config aside so it no longer takes effect, then restart
mv /opt/tomcat/apache-tomcat-8.0.53/conf/logging.properties /opt/tomcat/apache-tomcat-8.0.53/conf/logging.properties.bak
systemctl restart tomcat
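As an added check (written for this guide; not code from the wiki, Tomcat or Log4j), the script below flags the mismatches the steps above are prone to, such as a unit file pointing at an apache-tomcat-8.0.53 tree when 8.5.3 is installed or log4j-api/core/appserver jars of different versions, and reports whether the installed log4j-core falls in the version range affected by the Log4j 2 JNDI lookup issue (Log4Shell) that makes 2.11.1 the lab's target. It assumes the layout built above: CATALINA_HOME under /opt/tomcat and the unit file at /etc/systemd/system/tomcat.service.

```sh
#!/bin/sh
# Consistency check for the Tomcat + Log4j 2 lab built above (added example, not
# part of the wiki). Assumes CATALINA_HOME under /opt/tomcat and the unit file at
# /etc/systemd/system/tomcat.service.  Usage: sh check_lab.sh --run

# Print the log4j-core version in lib directory $1 (log4j-core-2.11.1.jar -> 2.11.1)
log4j_core_version() {
    for j in "$1"/log4j-core-*.jar; do
        [ -e "$j" ] || return 1
        basename "$j" .jar | sed 's/^log4j-core-//'; return 0
    done
}
# 0 when log4j-api, log4j-core and log4j-appserver in $1 share one version
log4j_jars_consistent() {
    v=$(log4j_core_version "$1") || return 1
    [ -e "$1/log4j-api-$v.jar" ] && [ -e "$1/log4j-appserver-$v.jar" ]
}
# 0 when every path under root $2 that unit file $1 names exists on disk
unit_paths_exist() {
    grep -oE "$2/[^\"[:space:]]+" "$1" | sort -u | while read -r p; do
        [ -e "$p" ] || { echo "missing: $p" >&2; exit 1; }
    done
}
# 0 when a log4j-core version lies in the JNDI-lookup-affected range
# 2.0-beta9 .. 2.14.1 (the back-ported fixes 2.3.1+ and 2.12.2+ are excluded)
log4j_version_affected() {
    echo "$1" | awk -F'[.-]' '{
        maj = $1 + 0; min = $2 + 0; pat = $3 + 0
        hit = (maj == 2 && min <= 14)
        if (min == 0 && $3 ~ /^beta[0-8]$/) hit = 0
        if (min == 3 && pat >= 1) hit = 0
        if (min == 12 && pat >= 2) hit = 0
        exit !hit
    }'
}
# Check one CATALINA_HOME ($1) against unit file ($2); returns 1 on any mismatch
check_lab() {
    home=$1; unit=${2:-/etc/systemd/system/tomcat.service}; rc=0
    log4j_jars_consistent "$home/lib" || { echo "log4j jar versions differ in $home/lib" >&2; rc=1; }
    [ -e "$home/bin/tomcat-juli.jar" ] && [ -e "$home/lib/tomcat-juli-adapters.jar" ] ||
        { echo "tomcat-juli extras missing from $home" >&2; rc=1; }
    [ ! -e "$unit" ] || unit_paths_exist "$unit" "${home%/*}" || rc=1
    v=$(log4j_core_version "$home/lib") && log4j_version_affected "$v" &&
        echo "log4j-core $v is in the affected range: lab target in place"
    return $rc
}

[ "${1:-}" = "--run" ] && check_lab "${CATALINA_HOME:-/opt/tomcat/apache-tomcat-8.5.3}"
```

Run it with --run after the restart; a non-zero exit means one of the paths or jar versions does not line up with the tree Tomcat is actually using.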

Reference: https://www.makeuseof.com/a-step-by-step-guide-to-installing-apache-tomcat-linux/