Closed jagadeeshjs8895 closed 2 years ago
i got this error??? may i know how to resolve this issue
solution: pip3 uninstall PyCrypto pip3 install -U PyCryptodome
[•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, in _validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 411, in connect self.sock = ssl_wrapsocket( File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 449, in ssl_wrap_socket ssl_sock = _ssl_wrap_socketimpl( File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 493, in _ssl_wrap_socket_impl return ssl_context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.9/ssl.py", line 1040, in _create self.do_handshake() File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() socket.timeout: _ssl.c:1106: The handshake operation timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen retries = retries.increment( File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 532, in increment raise six.reraise(type(error), error, _stacktrace) File "/usr/lib/python3/dist-packages/six.py", line 719, in reraise raise value File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 385, in _make_request self._raise_timeout(err=e, url=url, timeout_value=conn.timeout) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 336, in _raise_timeout raise ReadTimeoutError( urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='interactsh.com', port=443): Read timed out. (read timeout=30)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/kali/log4j-scan/log4j-scan.py", line 335, in
i fixed above but i got this error
The Interactsh.com is down at the moment. They're facing an outage. That's the main reason we're seeing this error
Okay, thank you.
after detecting the issue could you please tell how to exploit to get reverse shell
On Mon, Dec 13, 2021 at 2:43 PM Mazin Ahmed @.***> wrote:
Closed #4 https://github.com/fullhunt/log4j-scan/issues/4.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/fullhunt/log4j-scan/issues/4#event-5755253833, or unsubscribe https://github.com/notifications/unsubscribe-auth/ALE65CUMUPLSJQBIL23IYVLUQW2LDANCNFSM5J5SF2AQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
The requirements.txt file should be updated to use PyCryptodome.
[•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/home/kali/log4j-scan/log4j-scan.py", line 335, in
main()
File "/home/kali/log4j-scan/log4j-scan.py", line 305, in main
dns_callback = Interactsh()
File "/home/kali/log4j-scan/log4j-scan.py", line 156, in init
rsa = RSA.generate(2048)
File "/usr/local/lib/python3.9/dist-packages/Crypto/PublicKey/RSA.py", line 508, in generate
obj = _RSA.generate_py(bits, rf, progress_func, e) # TODO: Don't use legacy _RSA module
File "/usr/local/lib/python3.9/dist-packages/Crypto/PublicKey/_RSA.py", line 50, in generate_py
p = pubkey.getStrongPrime(bits>>1, obj.e, 1e-12, randfunc)
File "/usr/local/lib/python3.9/dist-packages/Crypto/Util/number.py", line 264, in getStrongPrime
return _fastmath.getStrongPrime(int(N), int(e), false_positive_prob,
File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
return self._singleton.read(bytes)
File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
return self._singleton.read(bytes)
File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 202, in read
return self._singleton.read(bytes)
File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 178, in read
return _UserFriendlyRNG.read(self, bytes)
File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 129, in read
self._ec.collect()
File "/usr/local/lib/python3.9/dist-packages/Crypto/Random/_UserFriendlyRNG.py", line 77, in collect
t = time.clock()
AttributeError: module 'time' has no attribute 'clock'