hxpctf 2021 Log 4 Sanity Check Write-up

Take a brief look at the structure of the files, then decompile Vuln.class to get the source:

import org.apache.logging.log4j.Logger;
import java.util.Scanner;
import org.apache.logging.log4j.LogManager;

//
// Decompiled by Procyon v0.5.36
//

public class Vuln
{
    public static void main(final String[] array) {
        try {
            final Logger logger = LogManager.getLogger((Class)Vuln.class);
            System.out.println("What is your favourite CTF?");
            final String next = new Scanner(System.in).next();
            if (next.toLowerCase().contains("dragon")) {
                System.out.println("<3");
                System.exit(0);
            }
            if (next.toLowerCase().contains("hxp")) {
                System.out.println(":)");
            }
            else {
                System.out.println(":(");
                // User-controlled input reaches the Log4j logging call here.
                logger.error("Wrong answer: {}", (Object)next);
            }
        }
        catch (Exception x) {
            System.err.println(x);
        }
    }
}

This is obviously the latest log4j vulnerability, so let's just try it.

[Image 1]

We got it wrong, so let's look at the Dockerfile.

[Image 2]

Now I know: the flag is in the environment.

Let's do this.

[Image 3]

Got the flag!
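
Added example (not part of the original write-up or the challenge code): a guard a defender could call before `logger.error("Wrong answer: {}", next)` in the `Vuln` class above, so that input containing Log4j `${...}` lookup syntax is flagged and only a neutralized copy is logged. `LookupGuard`, `findLookups` and `neutralize` are hypothetical names, and the sample inputs are constructed.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: pre-logging guard for user input (hypothetical helper, not challenge code).
public class LookupGuard {

    // Returns every top-level "${...}" expression found in the input.
    // Nested expressions such as "${a:${b:c}}" are reported once, as the outer one;
    // an unterminated "${" is reported up to the end of the input.
    static List<String> findLookups(String input) {
        List<String> found = new ArrayList<>();
        int depth = 0, start = -1;
        for (int i = 0; i < input.length(); i++) {
            if (input.startsWith("${", i)) {
                if (depth == 0) start = i;
                depth++;
                i++; // skip the '{' that belongs to this prefix
            } else if (input.charAt(i) == '}' && depth > 0) {
                if (--depth == 0) found.add(input.substring(start, i + 1));
            }
        }
        if (depth > 0) found.add(input.substring(start));
        return found;
    }

    // Breaks every "${" prefix so the logging layer sees only literal text.
    static String neutralize(String input) {
        return input.replace("${", "$ {");
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the challenge.
        String[] samples = { "hxp", "defcon", "${sample:value}",
                             "a${outer:${inner:x}}b", "${unterminated" };
        for (String s : samples) {
            List<String> hits = findLookups(s);
            if (hits.isEmpty()) {
                System.out.println("OK      " + s);
            } else {
                // Log only the neutralized copy; never pass the raw string on.
                System.out.println("BLOCKED " + neutralize(s) + "  lookups=" + hits.size());
            }
        }
    }
}
```

Upgrading Log4j to a release that no longer performs lookups in log messages is the actual fix; the guard is defense in depth and gives a detection signal.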
