I'm attempting to recreate the famous Log4j vulnerability with Minecraft. I've been following this video, and I had some success in getting the vulnerability to work just before Christmas. I've revisited it just today, and now cannot get anything to work. The only difference between these days is a Windows update that ran on the computer hosting the Minecraft client (the one I'm using to send the malicious message). I didn't believe that this would impact anything, but it seems to have done something, as the malicious messages now do nothing.
Also noteworthy: I had some success getting the server (old vulnerable version of paperMC as provided in the video) to "exploit itself" by using the /say command in the server's terminal directly, however even this seems to have broken, despite the server never updating
Did someone patch some software very recently? I can provide much more detail if necessary.
Thank you!
[link] [comments]
from hacking: security in practice https://ift.tt/3pytAj1
Comments
Post a Comment