log4shell-Lab-Walkthrough

Overview

This write-up documents the exploitation of the Log4Shell vulnerability (CVE-2021-44228) in the TryHackMe Solar room. The vulnerability exists in the widely used Java logging library Apache Log4j and allows Remote Code Execution (RCE) through crafted log messages.

What is Log4Shell ?

Log4Shell is a critical vulnerability that allows attackers to inject malicious payloads into log messages. When processed by Log4j, the payload triggers a request to an attacker-controlled server, leading to execution of arbitrary code.

Task 1 :

It provides a basic introduction to the Log4Shell vulnerability (CVE-2021-44228) found in the Java logging library Apache Log4j. It explains how improper handling of user input in logs can lead to Remote Code Execution (RCE).

The task focuses on understanding the impact and severity of the vulnerability before moving into practical exploitation.

Start the machine

Task 2 :

We need to find what service is running on the target machine by scanning the open ports.

we run the following command:

nmap -sV -p 8983

This command checks the service details on port 8983 and shows the version information.

After running the scan, the output shows that the service running on this port is Apache Solr.

Final Answer :

Apache Solr

Task 3 :

http://Machine_IP:8983, Check the front page to find the log directory value.

From the logs, we can find the file name in the task info download.

These are the URL endpoint is indicated in these repeated entries.

The field where user input are stored in

Task 4 :