search

fullhunt / log4j-scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
MIT License
3.39k stars 742 forks source link

DNS callback error: "Connection reset by peer" #84

Closed lgaalswyk closed 2 years ago

lgaalswyk commented 2 years ago

Hi, I cannot get this to work, and I don't see my issue posted. Any help would be appreciated, thank you.

[•] CVE-2021-44228 - Apache Log4j RCE Scanner [•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform. [•] Secure your External Attack Surface with FullHunt.io. [•] Initiating DNS callback server (interact.sh). Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen chunked=chunked) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request self._validate_conn(conn) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn conn.connect() File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect sslcontext=context) File "/usr/lib/python3.6/site-packages/urllib3/util/ssl.py", line 354, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket _context=self, _session=session) File "/usr/lib64/python3.6/ssl.py", line 776, in init self.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake self._sslobj.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake self._sslobj.do_handshake() ConnectionResetError: [Errno 104] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send timeout=timeout File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen _stacktrace=sys.exc_info()[2]) File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 368, in increment raise six.reraise(type(error), error, _stacktrace) File "/usr/lib/python3.6/site-packages/urllib3/packages/six.py", line 692, in reraise raise value.with_traceback(tb) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen chunked=chunked) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request self._validate_conn(conn) File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn conn.connect() File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect sslcontext=context) File "/usr/lib/python3.6/site-packages/urllib3/util/ssl.py", line 354, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket _context=self, _session=session) File "/usr/lib64/python3.6/ssl.py", line 776, in init self.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake self._sslobj.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake self._sslobj.do_handshake() urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "log4j-scan.py", line 365, in main() File "log4j-scan.py", line 335, in main dns_callback = Interactsh() File "log4j-scan.py", line 195, in init self.register() File "log4j-scan.py", line 204, in register f"https://{self.server}/register", headers=self.headers, json=data, timeout=30) File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 581, in post return self.request('POST', url, data=data, json=json, kwargs) File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request resp = self.send(prep, send_kwargs) File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 498, in send raise ConnectionError(err, request=request) requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

axel3rd commented 2 years ago 
[•] Initiating DNS callback server (interact.sh).
---> Connection reset by peer

IMO, a security appliance forbidden you to request interact.sh. You should try another callback (see --dns-callback-provider) or provide your own (--custom-dns-callback-host), or vote for #80.

axel3rd commented 2 years ago

Complement: https://github.com/fullhunt/log4j-scan/issues/53#issuecomment-994732911

lgaalswyk commented 2 years ago

ok thank you. Like #80 I'm on an internal corp lab. I voted!

axel3rd commented 2 years ago

TCP callback receiver testable from https://github.com/axel3rd/log4j-scan (doc), and vote for #95 😁

mazen160 commented 2 years ago

As @axel3rd mentioned, it's related to DNS callback provider being blocked on the network level.

Check: https://github.com/fullhunt/log4j-scan/blob/master/FAQ.md#dns-callback-error