Solar, exploiting log4j
Explore CVE-2021-44228, a vulnerability in log4j affecting almost all software under the sun.
Task 1 CVE-2021-44228 Introduction
Read the above and deploy the target virtual machine.
No answer needed
We recommend you use TryHackMe's web-based AttackBox for these exercises; however, instructions to exploit this locally are detailed. To start the AttackBox, click the blue "Start AttackBox" button at the top of the page.
No answer needed
Task 2 Reconnaissance
Scan the machine to determine what ports are accessible.
No answer needed
What service is running on port 8983? (Just the name of the software)
Apache Solr
Task 3 Discovery
Take a close look at the first page visible when navigating to http://10.10.173.43:8983. You should be able to see clear indicators that log4j is in use within the application for logging activity.
What is the -Dsolr.log.dir argument set to, displayed on the front page?
/var/solr/logs
One file has a significant number of INFO entries showing repeated requests to one specific URL endpoint. Which file contains this repeated entry? (Just the filename itself, no path needed)
solr.log
What "path" or URL endpoint is indicated in these repeated entries?
/admin/cores
Viewing these log entries, what field name indicates some data entrypoint that you as a user could control? (Just the field name)
params
Task 4 Proof of Concept
No Answer Needed in Task 4
Task 5 Exploitation
What is the output of running this command? (You should leave this terminal window open as it will be actively awaiting connections)
listening on 0.0.0.0:1389
Task 6 Persistence
What user are you?
solr
Task 7 Detection
No Answer Needed for this Task
Task 8 Bypasses
No Answer Needed for this Task
Task 9 Mitigation
What is the full path of the specific solr.in.sh file?
/etc/default/solar.in.sh
Task 10 Patching
No Answer Needed for this Task
Task 11 Credits and Author’s Notes
No Answer Needed for this Task