تحميل "How Hackers Exploit Log4J to Get a Reverse Shell (Ghidra Log4Shell Demo) | HakByte"

On this episode of HakByte, @AlexLynd demonstrates a Log4Shell attack against Ghidra, and shows how a reverse shell can be established on compromised systems running the vulnerable Log4J Java framework. This framework runs on millions of Java powered devices and was recently exploited, exposing a dangerous vulnerability that uses a single line of code to hack vulnerable systems. Links: Ghidra 10.0.3 Download: https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_10.0.3_build Log4Shell Demo: https://github.com/kozmer/log4j-shell-poc Alex's Twitter: https://twitter.com/AlexLynd Alex's Website: http://alexlynd.com Alex's GitHub: https://github.com/AlexLynd Alex's Youtube: https://youtube.com/AlexLynd Chapters: Intro @AlexLynd 00:00 What is Log4J? 00:16 Log4Shell Exploit Explained 00:40 Vulnerable Programs 01:11 Set up the Log4Shell Demo 02:33 Create a Webserver 03:11 Netcat Reverse Shell Listener 04:01 Set up Log4Shell Demo 05:01 Log4Shell String Explained 05:45 Ghidra Setup 06:24 Log4Shell Attack Demo 07:01 Netcat Reverse Shell 07:39 Outro 08:00 Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005: -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → http://hakshop.myshopify.com/ Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 Threat Wire RSS → https://shannonmorse.podbean.com/feed/ Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999 -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ ____________________________________________ Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.