#readwise

# Unified Write-up

![rw-book-cover](https://readwise-assets.s3.amazonaws.com/media/reader/parsed_document_assets/295209663/DhDik454eC35Bv4keJt-roEw-7xZj8VtgbxU5c1PFoo-cove_OYzXnPd.png)

## Metadata

- Author: [[Hack The Box]]
- Full Title: Unified Write-up
- URL: https://readwise.io/reader/document_raw_content/295209663

## Summary

This write-up explains how to exploit the Log4J vulnerability in the UniFi network monitoring system. By manipulating certain commands, attackers can gain unauthorized access and obtain a reverse shell on the machine. The process also includes changing the administrator's password to access sensitive information. Finally, it highlights using tools like Nmap and MongoDB to facilitate the attack.

## Highlights

JNDI is the acronym for the Java Naming and Directory Interface API. By making calls to this API, applications locate resources and other program objects. A resource is a program object that provides connections to systems, such as database servers and messaging systems. ([View Highlight](https://read.readwise.io/read/01js7qarqfe0pt3a7bb2mfp330))

---

LDAP is the acronym for Lightweight Directory Access Protocol, which is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over the Internet or a Network. The default port that LDAP runs on is port 389. ([View Highlight](https://read.readwise.io/read/01js7qb43y5ccw7fkfktv7jeq6))

---

`tcpdump` is a data-network packet analyzer computer program that runs under a command line interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. ([View Highlight](https://read.readwise.io/read/01js7qcbrtdnd6c905dsyd2bt2))

---