Prelude chain browser
Log4j Infrastructure
Automatically stand up an LDAP listener and webserver, then compile a Java payload that can be used to ingress and launch a Pneuma agent when exploiting CVE-2021-44228.
2022-01-13
Professional
This is a professional attack chain. A professional subscription automatically gives you access to this chain and 50 more, with direct integration inside Operator.
Authors: khyberspache, bartimus
TTPs
Install Python3
Update Pneuma executors
Install Java Development tools
Generate Log4j exploit class
Start Python Webserver
Start LDAP Listener
Get EC2 public IP and hostname
Tactics
Resource-development
Command-and-control
Discovery
Other chains in this theme
Spring4Shell
2022-04-21
Initial Access via Spring4Shell Exploit
Dirty Pipe CVE-2022-0847
2022-03-14
Allows an attacker to modify arbitrary read-only files.
LPE in polkit (CVE-2021-4034)
2022-01-26
An LPE in polkit's pkexec affecting all major distros since May 2009.