Log4j RCE

This exercise covers the exploitation of the Log4j vulnerability by requiring users to set up a malicious LDAP server, compile a custom Java class, and use specific payloads to trigger the exploit. The lab begins with instructions on setting up the LDAP server using Marshalsec and provides the necessary code for the malicious class, which needs to be compiled and hosted on an HTTP server.

Participants are guided through the process of running the LDAP server and configuring it to redirect to the HTTP server hosting the malicious class. The exploitation is triggered by sending a crafted request with the Log4j payload, demonstrating how the vulnerability can be leveraged to gain code execution. This lab is a hands-on exercise designed to deepen understanding of the Log4j vulnerability and its potential impact on systems.