LogForge
RETIRED MACHINE


OS: Linux
Difficulty: Medium

Machine rating: 4.8
User owns: 558
System owns: 512
Released: 23/12/2021
Created by ippsec & Rayhan0x01

Machine Synopsis

LogForge was a box developed for the Ultimate Hacking Championship event, which focused on the Log4j / Log4Shell exploit. To start, there’s an Orange Tsai attack against how Apache is hosting Tomcat, allowing the bypass of restrictions to get access to the manager page. From there, I’ll exploit Log4j to get a shell as the tomcat user. With a foothold on the machine, there’s an FTP server running as root listening only on localhost. This FTP server is Java-based, and reversing it shows it’s using Log4j to log usernames. I’ll exploit this to leak the environment variables used to store the username and password needed to access the FTP server, and use that to get access to the root flag. The password also works to get a root shell. In Beyond Root, I’ll look at using netcat to read the LDAP requests and do some binary reverse engineering of LDAP on the wire.
