How Hackers Exploit Log4J to Get a Reverse Shell (Ghidra Log4Shell Demo) | HakByte
226.7 هزار بار بازدید -
3 سال پیش
-
On this episode of HakByte,
On this episode of HakByte, https://www.seevid.ir/fa/result?ytch=UC92rvEjR-5ggjVUotRK8UQA demonstrates a Log4Shell attack against Ghidra, and shows how a reverse shell can be established on compromised systems running the vulnerable Log4J Java framework.
This framework runs on millions of Java powered devices and was recently exploited, exposing a dangerous vulnerability that uses a single line of code to hack vulnerable systems.
Links:
Ghidra 10.0.3 Download: https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_10.0.3_build
Log4Shell Demo: https://github.com/kozmer/log4j-shell-poc
Alex's Twitter: https://twitter.com/AlexLynd
Alex's Website: http://alexlynd.com/
Alex's GitHub: https://github.com/AlexLynd
Alex's Youtube:
Chapters:
Intro https://www.seevid.ir/fa/result?ytch=UC92rvEjR-5ggjVUotRK8UQA https://www.seevid.ir/fa/w/lBxZL98uvdk
What is Log4J? https://www.seevid.ir/fa/w/lBxZL98uvdk
Log4Shell Exploit Explained https://www.seevid.ir/fa/w/lBxZL98uvdk
Vulnerable Programs https://www.seevid.ir/fa/w/lBxZL98uvdk
Set up the Log4Shell Demo https://www.seevid.ir/fa/w/lBxZL98uvdk
Create a Webserver https://www.seevid.ir/fa/w/lBxZL98uvdk
Netcat Reverse Shell Listener https://www.seevid.ir/fa/w/lBxZL98uvdk
Set up Log4Shell Demo https://www.seevid.ir/fa/w/lBxZL98uvdk
Log4Shell String Explained https://www.seevid.ir/fa/w/lBxZL98uvdk
Ghidra Setup https://www.seevid.ir/fa/w/lBxZL98uvdk
Log4Shell Attack Demo https://www.seevid.ir/fa/w/lBxZL98uvdk
Netcat Reverse Shell https://www.seevid.ir/fa/w/lBxZL98uvdk
Outro https://www.seevid.ir/fa/w/lBxZL98uvdk
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org/
Shop →
Subscribe →
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
Threat Wire RSS → https://shannonmorse.podbean.com/feed/
Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
3 سال پیش
در تاریخ 1400/09/25 منتشر شده
است.
226,787
بـار بازدید شده