Dissecting a Log4Shell Attack #3
Comments
Seems like he went dead. LDAP server is still up, but the HTTP is dead. I saw this on my Windows modded server, but I'm not even sure it'd have worked anyway. Also, I tried the vulnerability test from log4shell.huntress.com, and nothing came out of it. If I ran that specific LDAP URL and token they provide for my session through ldapsearch, it doesn't show anything, neither in its output nor on the web interface itself. Not sure if that works or not.
The HTTP server running on port 8000 does appear to be down. Interestingly enough, an observant Redditor managed to identify the binary as an open-source reverse SSH daemon, originally written for CTF challenges. All in all, the rather sloppy execution of the attack leaves me a little confused as to what the attacker's goal might be.
Interesting. Well, seems like my modded server is safe because the owners of the mod pack told me that this version doesn't have any of these issues (I have to believe them!) on TeamAOF/All-of-Fabric-4#158.
One wouldn't really expect ldapsearch to yield anything on your local machine - in Log4Shell the attacker is the one who hosts the malicious LDAP server that leads clients to download the exploit class. As for testing for the vulnerability, I haven't used the log4shell.huntress.com tool, but it appears to work in a similar way to most other scanners. If it returns a negative and you've also confirmed that the server JARs you're using are patched, I think it is reasonably safe to say that you are not vulnerable.
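As an added example of the "confirm the server JARs are patched" step mentioned above (this is not code from the thread or from the linked blog post), the script below opens a jar, reads the bundled log4j-core version from its Maven `pom.properties`, checks whether `JndiLookup.class` is still present, and recurses into nested jars the way Fabric mods bundle dependencies under `META-INF/jars/`. The 2.17.1 cut-off and the "mitigated" label for a jar with `JndiLookup.class` stripped are assumptions to adjust to your own policy; shaded or repackaged jars may carry no `pom.properties`, so a reported version of `unknown` still needs a manual look.

```python
import io
import re
import zipfile

# Treat log4j-core at or above this version as patched (assumption: 2.17.1 cut-off).
FIXED = (2, 17, 1)
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); pads missing parts with 0."""
    nums = re.findall(r"\d+", text)[:3]
    return tuple(int(n) for n in nums) + (0,) * (3 - len(nums))

def scan_jar(data, name="<jar>", findings=None):
    """Report log4j-core found in jar bytes, recursing into nested jars
    (Fabric mods ship their dependencies under META-INF/jars/)."""
    findings = [] if findings is None else findings
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        version = None
        if POM in names:
            for line in z.read(POM).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        has_jndi = JNDI in names
        if version or has_jndi:
            if version and parse_version(version) >= FIXED:
                status = "patched"
            elif not has_jndi:
                status = "mitigated"  # JndiLookup.class stripped from the jar
            else:
                status = "vulnerable"
            findings.append({"jar": name, "version": version or "unknown",
                             "jndi_lookup_present": has_jndi, "status": status})
        for inner in names:  # recurse into bundled jars
            if inner.lower().endswith(".jar"):
                scan_jar(z.read(inner), f"{name}!{inner}", findings)
    return findings

def build_sample_jar():
    """Constructed sample input: a mod jar nesting an unpatched log4j-core 2.14.1."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM, "version=2.14.1\n")
        z.writestr(JNDI, b"\xca\xfe\xba\xbe")  # stand-in for the real class file
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("META-INF/jars/log4j-core-2.14.1.jar", inner.getvalue())
    return outer.getvalue()
```

To check a real server, call `scan_jar(open(path, "rb").read(), path)` for every jar in the server and mods directories and review anything not reported as `patched`.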
bitcraft
FYI, this is the IP they're using as of now: https://www.abuseipdb.com/check/185.233.105.120
Dissecting a Log4Shell Attack
Ever since the beginning, Log4Shell has been inseparably tied to Minecraft servers. In this post, I take apart one such attack and see what makes it tick.
https://blog.bithole.dev/log4shell-mc.html