monkey/docs/content/reference/exploiters/Log4Shell.md

38 lines
1.3 KiB
Markdown
Raw Permalink Normal View History

2022-01-12 16:59:38 +08:00
---
title: "Log4Shell"
date: 2022-01-12T14:07:23+05:30
draft: false
tags: ["exploit", "linux", "windows"]
---
The Log4Shell exploiter exploits
[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228).
2022-01-12 16:59:38 +08:00
### Description
Some versions of Apache Log4j, a Java logging framework, have a logging feature
called "Message Lookup Substitution" enabled by default. This allows replacing
certain special strings by dynamically-generated strings at the time of
logging. If log messages or log message parameters can be controlled by an
attacker, arbitrary code can be executed. The Log4Shell exploiter takes
advantage of this vulnerability to propagate to a victim machine.
2022-01-12 16:59:38 +08:00
You can learn more about this vulnerability and potential mitigations
[here](https://logging.apache.org/log4j/2.x/security.html#Fixed_in_Log4j_2.15.0_.28Java_8.29).
2022-01-12 16:59:38 +08:00
### Services exploited
The Infection Monkey will attempt to exploit the Log4Shell vulnerability in the
following services:
2022-01-12 16:59:38 +08:00
- Apache Solr
- Apache Tomcat
- Logstash
**Note**: Even if none of these services are running in your environment,
running the Log4Shell exploiter can be a good way to test your IDS/IPS or EDR
solutions. These solutions should detect that the Infection Monkey is attempting
to exploit the Log4Shell vulnerability and raise an appropriate alert.