| created | modified |
|---|---|
2022-11-29 16:50:57 +0800 |
2022-12-05 17:48:05 +0800 |
Fofa api requires membership. I don't want to enroll.
You first test on your vulnerable machine/app, develop scanner, exploiter and listener, then mass exploit to millions.
All recorded here: hack_all_the_thing/tests/get_log4j_vuln
shodan query for log4j2 (or anything)
To generate password dictionary without oom: itertools.product(chrs, repeat=r)
search log4j2 in browser after login
info page of my first target (login first!)
Bing-upms the system used by my first target