On this episode of HakByte, @AlexLynd demonstrates a Log4Shell attack against Ghidra, and shows how a reverse shell can be established on compromised systems running the vulnerable Log4J Java framework.
This framework runs on millions of Java powered devices and was recently exploited, exposing a dangerous vulnerability that uses a single line of code to hack vulnerable systems.
Links:
Ghidra 10.0.3 Download: github.com/NationalSecurityAg...
Log4Shell Demo: github.com/kozmer/log4j-shell...
Alex's Twitter: / alexlynd
Alex's Website: alexlynd.com
Alex's GitHub: github.com/AlexLynd
Alex's RU-vid: / alexlynd
Chapters:
Intro @AlexLynd 00:00
What is Log4J? 00:16
Log4Shell Exploit Explained 00:40
Vulnerable Programs 01:11
Set up the Log4Shell Demo 02:33
Create a Webserver 03:11
Netcat Reverse Shell Listener 04:01
Set up Log4Shell Demo 05:01
Log4Shell String Explained 05:45
Ghidra Setup 06:24
Log4Shell Attack Demo 07:01
Netcat Reverse Shell 07:39
Outro 08:00
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → www.hak5.org
Shop → hakshop.myshopify.com/
Subscribe → ru-vid.com...
Support → / threatwire
Contact Us → / hak5
Threat Wire RSS → shannonmorse.podbean.com/feed/
Threat Wire iTunes → itunes.apple.com/us/podcast/t...
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
4 июл 2024