Bonus! Red Log4Jack
Details
- Location: North Pole
- Elf: Bow Ninecandle
Troll's Objective Message
Hey, I'm Icky McGoop. Late? What's it to you? I got here when I got here. So anyways, I thought you might be interested in this Yule Log4Jack. It's all the rage lately. Yule Log4Jack is in a ton of software - helps our big guy keep track of things. It's kind of like salt. It's in WAY more things than you normally think about. In fact, a vulnerable Solr instance is running in an internal North Pole system, accessible in this terminal. Anyways, why don't you see if you can get to the yule.log file in this system?
This terminal is located at the North Pole. This terminal challenge helps and walks you through utilizing scripts to exploit the Log4J vulnerabilty. The walk-through for this terminal challenge is provided here. This walk-through is provided by Josh Wright.
To complete the terminal challenge you need to complete the following:
As you complete the walk-through you may see something like this:
When you compromise the webserver, you run cat /home/solr/kringle.txt
to see the content of /home/solr/kringle.txt
.
Answer
runtoanswer patching