cybersecurity · beginner · ~10 min · safe pentest lab

Flag a Log4Shell JNDI marker

Case-insensitive marker detection in a log line.

Challenge

Your job

int has_jndi_marker(const char *line);

Return 1 if line contains the (case-insensitive) literal ${jndi:, otherwise 0 (NULL → 0).

(Heavily obfuscated variants like ${${::-j}ndi: are harder and out of scope — this catches the common literal form. The lesson covers why obfuscation makes substring detection insufficient on its own.)

Hints

Case-insensitive substring search.
Compare each window against ${jndi:.

Why this matters

The Log4Shell signature ${jndi: in a log line is a high-signal indicator of an exploitation attempt. A detector flags it for review.

Starter code

int has_jndi_marker(const char *line) {
    /* TODO */
    (void)line;
    return 0;
}

Common mistakes

Case-sensitive matching (misses ${JNDI:). Matching bare 'jndi'. Forgetting NULL.

Edge cases to handle

Mixed case. Other ${...} lookups (env, sys) must not match.

Complexity

O(n×len(needle)).

Background lessons

Detect failed-login bursts in auth.log

Up next

Compute a CRC-32 checksum

Solve this exercise in the browser editor — compile and run against the test harness, no setup required.