
Log4j – Zero-day vulnerability

December 21 2021
How A Hacker Exploits Log4j vulnerability

What is Log4j?

Log4j is a Java-based logging framework that is fast, dependable, and flexible. The vulnerability, called Log4Shell, affects this open-source Java logging API, which developers use to keep track of activity records.


Log4j is one of many building blocks used in the development of modern software. Many organisations use it to perform a common but critical task. It is referred to as a software library.

Developers use Log4j to track what happens in their software applications or online services. It’s essentially a massive log of a system’s or application’s activity. This activity is known as logging, and it is used by developers to keep an eye out for problems that users may encounter.

How to determine whether your system logs are affected?

One can determine whether the system’s logs are exploited by checking outbound traffic. The user must also check for abnormal traffic on ports 80 and 443. On Linux, the user can check using grep commands.

Developers have already made scripts to automatically scan systems for vulnerable installations, which can be found on GitHub or other repositories.

A newer version of Log4j, 2.16.0, has patched the issue, but the problem is knowing where the fix has to be applied. Given the popularity of Java, a lot of third-party tools and scripts may use Log4j, which makes it harder for end users to find the vulnerability on their systems.
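As an added example (not from the original post or from any of the scripts it mentions), here is a minimal Python scanner for the problem described above: it walks a directory tree, looks inside JAR/WAR/EAR archives for bundled `log4j-core` jars, and flags versions below the 2.16.0 release named in the article. It assumes jars keep their conventional `log4j-core-<version>.jar` file names, so shaded or renamed copies are not detected.

```python
import io
import os
import re
import sys
import zipfile

FIXED = (2, 16, 0)  # release the article names as patched
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
CORE_JAR = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")

def check_name(name):
    """Return (version, vulnerable) for a log4j-core jar name, else None.
    Only 2.x versions below FIXED are flagged."""
    m = CORE_JAR.search(name)
    if not m:
        return None
    version = tuple(int(g or 0) for g in m.groups())
    return version, version[0] == 2 and version < FIXED

def scan_archive(data, label, findings, depth=0):
    """Look inside an archive for bundled log4j-core jars (fat jars, WARs)."""
    if depth > 4:  # bound recursion on deeply nested archives
        return
    try:
        with zipfile.ZipFile(data) as zf:
            for entry in zf.namelist():
                hit = check_name(entry)
                if hit:
                    findings.append((f"{label}!{entry}", *hit))
                elif entry.lower().endswith(ARCHIVE_EXT):
                    inner = io.BytesIO(zf.read(entry))
                    scan_archive(inner, f"{label}!{entry}", findings, depth + 1)
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable or corrupt archive: skip it

def find_log4j(root):
    """Walk root and return [(location, version, vulnerable), ...]."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            hit = check_name(fname)
            if hit:
                findings.append((path, *hit))
            elif fname.lower().endswith(ARCHIVE_EXT):
                scan_archive(path, path, findings)
    return findings

if __name__ == "__main__":
    for loc, ver, vuln in find_log4j(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("VULNERABLE" if vuln else "ok", ".".join(map(str, ver)), loc)
```

Run it with a directory argument (for example an application install path); each hit is printed with its version and its location, using `!` to separate nested archive levels.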

Exploitation of the Log4j vulnerability

Security responders are working feverishly to patch the bug, which can be easily exploited to remotely take control of vulnerable systems.

Hackers are actively searching the internet for infected systems. Some have already created tools that attempt to exploit the bug automatically, as well as worms that can spread autonomously from one vulnerable system to another under the right conditions.

No complicated code is needed to exploit the vulnerability. The following single line, appended to any Log4j input (it can be the HTTP User-Agent header or data sent from an HTTP POST form), will prompt the exploit code to work.

[Figure: Log4j exploit code]

The server responds with directory information that contains the malicious Java class.

Most WAFs were vulnerable to the same payload. MODSHIELD SB was updated with the new patch that averts this zero-day attack.

[Figure: Log4j payload, areas that are vulnerable]

What information can be extracted?

[Figure: Data that can be extracted with Log4j]