Thank you for your service in the war against scammers....
20:25 Just a tip: you can use ctrl+shift+T to reopen the recently closed tab in the browser
Hi Motasem, can you explain how small and medium size companies become a victim of criminals exploiting this vulnerability... how do they attack them? In case you have IDS/IPS and Endpoint threat prevention like DeepInstinct the risk profile can be reduced...
Attackers can scan public facing servers on the internet using Shodan for example and typically they look for Apache installations. They would use automated scanners or manually try sending payloads. If you are using IDS like snort or suricata, you can install alerts that would trigger when a request containing jndi is detected.
Bro, one question: is it necessary that you must have to run your own LDAP server? Can we not make a Java code that executes command or maybe that sends a reverse shell back to our IP and put that code inside our localhost, then use ngrok to make it work?
Nope there must be an LDAP Referral server as the payload sends lookups via LDAP protocol.
@MotasemHamdan ty
That curl request is not connecting to my netcat server !!!
can we use burp collaborator link in this also?
I have no programming knowledge so I don't know how to do any of the things you did here. On a Windows 2016 server, how do I go about updating log4j or disabling JNDI? The files I found that have log4j in their name are: log4j2.xml, log4j-api-2.0-rc1.jar and log4j-core-2.0-rc1.jar.
See below link
github.com/corretto/hotpatch-for-apache-log4j2
What OS and browser are you using??
Windows and chrome -- Main Host machine
May God bless you
Good 😊
Hi
It's very effective
Thank u
Great !!!!!!!!!!!
God bless you
Are you Turkish, Motasem Hamdan?
Hello, no I am not, but I know the language :)
@MotasemHamdan how?
It says Turkish on TryHackMe
@bugrakarabudak7135 He’s a God, nobody can define that.
Sir did u have premium or hack version of tryhackme
Ok
wowww
Cool
💖💖💖💖
Wow
Top
😍
Sir did you have premium or free version of tryhackme
Premium but this room is free
osm
vishu
hi
❤️❤️❤️
Why do you always speak English? Xd
Instax0r is real