In this lab, you will look at the different stages of the Log4Shell exploit. You will start by examining the primary log4j vulnerability CVE-2021-44228, including the setup of a custom vulnerable web server, as well as getting a reverse shell into a vulnerable version of Apache Solr. You will then upgrade to log4j version 2.15.0 and explore CVE-2021-45046. You will do the same for CVE-2021-45015 and CVE 44832 before finally updating to log4j 2.17.1.
Prerequisites
You should have a good amount of familiarity with the Unix command line.
Expected Duration
2.0 hours, self-paced. Pause and continue at any time.
2.0 CPEs awarded on successful completion.
