Pentests and Log4J: How to Exploit a Vulnerable System

Too Long; Didn't Read

In this article, we pentest a vulnerable system and demonstrate how a remote shell can be obtained using a Log4j open-source exploit that is available to anyone. Introduction This critical vulnerability, labeled CVE-2021-44228, affects a large number of customers, as the Apache Log4j component is widely used in both commercial and open-source software. In addition, ransomware attackers are weaponizing the Log4j exploit to increase their reach to more victims across the globe. Our demonstration is provided for educational purposes to a more technical audience with the goal of providing more awareness around how this exploit works. Raxis believes that a better understanding of the composition of exploits it the best way for users to learn how to combat the growing threats on the internet.