A few bits on Log4Shell
- A vulnerable application: We used this vulnerable application created by security researcher Christophe
- POC exploit: We used JNDIExploit (a fork of JNDIExploit that is no longer available)
- Requires Java version 1.8.0_181. On Ubuntu 18.04, you can install it by running:
    sudo apt-get install ca-certificates-java libxtst6 libxi6 libxrender1 x11-common
    wget https://launchpad.net/~openjdk-r/+archive/ubuntu/security-deletedppa/+build/15214178/+files/openjdk-8-jdk-headless_8u181-b13-0ubuntu0.18.04.1_amd64.deb
    wget https://launchpad.net/~openjdk-r/+archive/ubuntu/security-deletedppa/+build/15214178/+files/openjdk-8-jre-headless_8u181-b13-0ubuntu0.18.04.1_amd64.deb
    sudo dpkg -i openjdk-8-jre-headless_8u181-b13-0ubuntu0.18.04.1_amd64.deb
    sudo dpkg -i openjdk-8-jdk-headless_8u181-b13-0ubuntu0.18.04.1_amd64.deb
    sudo update-alternatives --config java