webmedium

Backdoor

hackerlab

Task: Apache Tomcat 8 login form that logs user input via vulnerable Log4j 2.x; page title hints at Log4Shell. Solution: inject JNDI payload in username field, use marshalsec LDAP referral server to redirect to malicious Java class, achieve RCE and exfiltrate flag from /root/.fl4g.txt.

$ ls tags/ techniques/

rce java deserialization tomcat ldap log4shell log4j jndi cve-2021-44228 marshalsec

jndi_injectionlog4shell_exploitationremote_codebase_loadingdata_exfiltration_via_http

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub to get started.

$ssh [email protected]