On this episode of HakByte, Alex Lynd demonstrates a Log4Shell attack against Ghidra, and shows how a reverse shell can be established on compromised systems running the vulnerable Log4J Java framework.
This framework runs on millions of Java powered devices and was recently exploited, exposing a dangerous vulnerability that uses a single line of code to hack vulnerable systems.
To support the HakByte show, check out our webstore at
Links:
Ghidra 10.0.3 Download:
Log4Shell Demo:
Alex’s Twitter:
Alex’s Website:
Alex’s GitHub:
Alex’s Youtube:
Chapters:
Intro 00:00
What is Log4J? 00:16
Log4Shell Exploit Explained 00:40
Vulnerable Programs 01:11
Set up the Log4Shell Demo 02:33
Create a Webserver 03:11
Netcat Reverse Shell Listener 04:01
Set up Log4Shell Demo 05:01
Log4Shell String Explained 05:45
Ghidra Setup 06:24
Log4Shell Attack Demo 07:01
Netcat Reverse Shell 07:39
Outro 08:00
Hak5 — Cyber Security Education, Inspiration, News & Community since 2005:
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Our Site →
Shop →
Subscribe →
Support →
Contact Us →
Threat Wire RSS →
Threat Wire iTunes →
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
____________________________________________
Founded in 2005, Hak5’s mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
