Published On Dec 30, 2021
On this episode of HakByte, @AlexLynd demonstrates how to test if web applications are vulnerable to the Log4Shell exploit, using CanaryTokens. This video is sponsored by PCBWay, whose PCB manufacturing & assembly services can be found over at https://www.pcbway.com/.
Links:
Alex's Demo: https://github.com/AlexLynd/log4j-she...
Kozmer's Demo: https://github.com/Kozmer/log4j-shell...
Alex's Twitter: / alexlynd
Alex's Website: http://alexlynd.com
Alex's GitHub: https://github.com/AlexLynd
Chapters:
00:00 Intro @AlexLynd
00:15 What is Log4J?
00:23 What is Log4Shell?
00:58 CanaryTokens + Tools You'll Need
01:22 PCBWay Manufacturing Services
01:35 Register Log4Shell CanaryToken
03:05 Log4J Vulnerability Explained
03:42 Vulnerable WebApp Setup
06:05 User Agent Strings
08:05 Modifying the Browser User Agent
08:40 Testing the Log4Shell Vulnerability
09:34 CanaryTokens Log4Shell Monitor
10:48 Log4Shell String Explained
12:48 Outro
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Subscribe → https://www.youtube.com/user/Hak5Darr...
Support → / threatwire
Contact Us → / hak5
Threat Wire RSS → https://shannonmorse.podbean.com/feed/
Threat Wire iTunes → https://itunes.apple.com/us/podcast/t...
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award-winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.