Log4j Infrastructure

Automatically stand up an LDAP listener and webserver, then compile a Java payload that can be used to ingress and launch a Pneuma agent when exploiting CVE-2021-44228.

TTPs

Install Python3
Update Pneuma executors
Install Java Development tools
Generate Log4j exploit class
Start Python Webserver
Start LDAP Listener
Get EC2 public IP and hostname