HackTheBox - Unified Writeup
Unified is the new starting point machine that HacktheBox released. This machine heavily focus on new vulnerabilities that had been discussed all across the world. This vulnerability is from the java logging library, Log4J (CVE-2021-44228). How we can exploit the Unifi application, especially version 6.4.54 with using the Rogue-JNDI application. Which is a malicious server that allows us to receive the connection and do some nasty injections.
February 19, 2022 1 min read CVE-2021-44228 unifi-6.4.54 log4j tcpdump rogue-jndi mongodb-checking-is-running mongodb mongodb-dump mongodb-update generate-sha512-hash upgrade-shell-using-script