OSWE | OSCE | OSCP | CREST | Lead Offensive Security Engineer — All about Penetration Test, Red Team, Cloud Security, Web Application Security
Source: https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/

What is Log4J?

Log4J (or Log4J version 2) is an open-source Java library and one of the most popular Java logging frameworks. All versions of log4j-core from 2.0-beta9 to 2.14.1 are affected by this vulnerability (CVE-2021-44228).

Why is it critical?

An attacker could gain unauthenticated Remote Code Execution (RCE) by exploiting this vulnerability. Also, payloads can…

What is Crypter?

A crypter is software that can encrypt, obfuscate and manipulate malware or a RAT (Remote Access Tool) to potentially bypass security products such as anti-virus.

Encryption Process

To create a simple crypter, I will be using the following process:

  • Generate a key with random characters & seed (32 characters hard-coded…

What is Polymorphism?

Polymorphism means the ability of an object to take on many forms. In computer science, the term also refers to the ability of different objects or pieces of code to respond in their own way to the same functionality.

Shellcode Selection

I will use the following shellcode from Shell-Storm to demonstrate polymorphic shellcode:

Msfvenom Shellcode Analysis

Today I will analyze the following shellcode generated by msfvenom, specifically for linux/x86:

  • linux/x86/exec — Execute an arbitrary command
  • linux/x86/shell_bind_tcp — Listen for a connection and spawn a command shell
  • linux/x86/shell_reverse_tcp — Connect back to attacker and spawn a command shell

1) linux/x86/exec

This msfvenom payload will execute an arbitrary command that…

What is Encoder?

In computer systems, an encoder can be used for various purposes. For example, Base64 encodes binary data into ASCII characters, which are understood by pretty much every computer system. One may also use an encoder to mangle their own code to potentially bypass a security product such as AV…

Unattended was a medium-difficulty Linux box. It is a good learning path for:

  • Nginx off-by-slash Attack
  • SQLi (boolean-based Blind)
  • SQLi → LFI (Abusing Existing <?php include(); ?>)
  • LFI → PHP Session Poisoning → RCE
  • Socket TTY Shell
  • Linux initrd Exploit

Initial Recon

Nmap

# nmap -Pn --open -T4 -sV -sC -p- 10.10.10.126
Starting Nmap 7.80…

bigb0ss
