Log4j Exploit Step-By-Step

The log4j vulnerability still exists in many environments. Learn how to exploit this vulnerability in our step-by-step guide. Please only use this information for research and testing purposes, and only with permission!


This episode covers the Log4J exploit step-by-step, with a warning to only use the information responsibly. You can download the document referenced in this technical segment here.


  • Vulnerable Java applications are easy to find, with a pre-built container on VulHub.
  • The Log4J exploit is an entire Java application utilizing payloads to execute target commands.
  • The exploit comes with pre-written Java classes to be loaded into the target Java application to execute the payload.
  • It is essential to carefully choose commands to ensure that only intended targets are affected.
  • The JNDI exploit kit used in the Log4J exploit utilizes URLs placed inside target logs to give the attacker access to execute commands on the target machine.