Log4J - CVE 2021-44228 (Log4Shell) - Exploitation & Mitigation

61,465 views

HackerSploit

2 years ago

In this video, I demonstrate the process of exploiting the Log4J vulnerability, also known as Log4Shell, and explore the process of mitigating the vulnerability on Apache Solr.
//WHAT IS LOG4J?
Apache Log4j is one of the most widely used open-source, Java-based logging utilities. It is used by various Apache solutions such as Apache Tomcat, Apache Solr, and Apache Druid, to name a few.
//WHAT IS LOG4SHELL?
On November 30th, 2021, the Apache Log4j development team was made aware of a vulnerability in Log4j that could allow the injection of malicious input and consequently facilitate remote code execution.
On December 9th, 2021, the infosec community was made aware of this finding and the far-reaching impact of the vulnerability.
The vulnerability could potentially allow attackers to take control of any system running Log4j by logging a certain string.
The vulnerability, now assigned CVE-2021-44228, has a severity score of 10 (CRITICAL) and has been dubbed “Log4Shell”.
//LINKS
THM Room: bit.ly/3p9Fzn4
Log4j Attack Surface: github.com/YfryTchsGD/Log4jAt...
#Log4J #Log4Shell #CVE-2021-44228

Comments: 32
@FaTmWit 2 years ago
I have been watching you for a while and you make it all so clear and understandable for beginners like me! keep it up you are amazing
@viruldojitha9341 2 years ago
I had read your book about Privilege Escalation Techniques... And man that is really awesome... It is one of my favorite hacking books... Keep going I mean write more books I know it takes a long time to write a book but that book is really really fantastic...
@HackerSploit 2 years ago
Thank you for the feedback, I am glad that you have found value in the book.
@nathannyabvure8227 2 years ago
Can I have the name of the book please?
@viruldojitha9341 2 years ago
@nathannyabvure8227 Name of the book is "Privilege Escalation Techniques"
@nathannyabvure8227 2 years ago
Thank you so much @viruldojitha9341. Privilege escalation is really a weak point for me.
@rudrasalaria3431 2 years ago
You're really giving proper knowledge about everything with full detail. Thank U. Lots of Love to you from India. ❤🇮🇳
@jamalkhan815 2 years ago
Thank you for such a great and to the point explanation!!!
@vonniehudson 2 years ago
This was so good. Thank you!
@truetierra 2 years ago
Great content. This is one of those vulns that is kinda fun to watch (as a threat responder) what slips past the IPS as the days go on.
@rydmerlin 2 years ago
To detect I use lsof -p and recursively check the jars reported for log4j classes.
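The check described in the comment above, sketched as an added example (not part of the comment or the video): parse `lsof -p` output for archives a Java process has open, then scan each one, including jars nested inside fat jars, for log4j-core classes. It goes slightly beyond the comment by reporting whether `JndiLookup.class` is present; the function names, the lsof sample and the jars are constructed for illustration.

```python
import io
import zipfile

# JndiLookup is the log4j-core class behind CVE-2021-44228.
CORE_PREFIX = "org/apache/logging/log4j/core/"
JNDI_LOOKUP = CORE_PREFIX + "lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def jars_from_lsof(lsof_text):
    """Unique archive paths from `lsof -p <pid>` output (NAME is the 9th column)."""
    paths = []
    for line in lsof_text.splitlines():
        fields = line.split(None, 8)
        if len(fields) == 9 and fields[8].endswith(ARCHIVE_EXT) and fields[8] not in paths:
            paths.append(fields[8])
    return paths

def scan_archive(data, name, depth=0, max_depth=4):
    """Return [(archive, has_jndi_lookup)] for each archive, outer or nested, with log4j-core."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    hits = []
    with zf:
        names = zf.namelist()
        if any(n.startswith(CORE_PREFIX) for n in names):
            hits.append((name, JNDI_LOOKUP in names))
        if depth < max_depth:  # bound recursion into nested archives
            for n in names:
                if n.endswith(ARCHIVE_EXT):
                    hits += scan_archive(zf.read(n), name + "!/" + n, depth + 1, max_depth)
    return hits

def make_jar(entries):
    """Build an in-memory jar from {entry_name: bytes}; used only for the sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, content in entries.items():
            zf.writestr(entry, content)
    return buf.getvalue()

# Constructed sample data: not taken from the video or from a real host.
SAMPLE_LSOF = """COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 4242 app mem REG 8,1 1048576 131080 /opt/example/app.jar
java 4242 app 5r REG 8,1 1048576 131080 /opt/example/app.jar
java 4242 app 6r REG 8,1 204800 131081 /opt/example/lib/helper.jar"""
CORE_JAR = make_jar({JNDI_LOOKUP: b"", CORE_PREFIX + "Logger.class": b""})
FAT_JAR = make_jar({"BOOT-INF/lib/log4j-core.jar": CORE_JAR, "app/Main.class": b""})
```

On a real host, read each path returned by `jars_from_lsof` as bytes and pass it to `scan_archive`. A `True` flag means only that the class is present, so the jar still needs a version check, because fixed Log4j releases also ship `JndiLookup.class`.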
@saidinesh1841 1 year ago
You have no idea how grateful I am for tNice tutorials series
@8080VB 2 years ago
Keep up the good work man 💯
@moinkhan 8 months ago
Great tutorial, thanks.
@A.O.U 2 years ago
Very good video, thank you very much 👍
@BiffBifford 2 years ago
I can't believe I am getting this information... FOR FREE!
@abdulsamadmuyideen8517 2 years ago
ooh finally, thanks man.. also pls could you do a lil video on buffer overflow or any u could recommend
@jawadsher7666 2 years ago
ooooooooooooohhhhhhhhhhh very informative awesome sir awesome
@saidinesh1841 1 year ago
Nice tutorial
@shawnchambers888 2 years ago
It got behind my Untangle home firewall....ate it for lunch. Yea this one is insane. Will probably install pfsense for a while
@hipou2237 2 years ago
As usual 🪓
@hambroman 4 months ago
had to watch this for a class but... why does the intro music go so hard?
@r00tkaliluvr5 2 years ago
How you record screen and your cam in Linux?
@qibcentricsplayground2043 2 years ago
hi there I followed everything but my netcat has issues whereby it doesn't listen even though it says it is "listening". pls help
@Arfat-Khan 1 year ago
I have exploit no rate limit, but now it's been duplicate, what else I can do based on no rate limit. Further what can I exploit?
@jawadsher7666 2 years ago
please make a video about JNDI what is JNDI and how it works
@shellgenius 2 years ago
Sir I've one doubt why log4 used in apache server for keep track logging There's lot is language for using keep track logging
@officewires518 2 years ago
Sir please , I want to know how to get the files build-debug , from the Quasar program , thanks for your videos ❤️
@disrael2101 2 years ago
What about showing how NSO 0 day iMessage exploit worked
@dragonpay7073 2 years ago
Damn you
@siddharthasodariya3981 1 year ago
Bro...
@ahmedahmed-mo1kj 2 years ago
sir please explain RCE whatsapp by GIF