Jerry Walkthrough Without Metasploit - HackTheBox

Sanaullah Aman Korai
Feb 26, 2021

So, first things first, we’ll start with the nmap scan.

I scanned this without any flags, so by default it will scan the top 1000 ports.

So we have only one port open: 8080 (http-proxy). Let’s enumerate this one.

It’s running the Apache Tomcat/7.0.88 web server.

I was reading an article yesterday about Tomcat’s /manager panel. Let’s see if this box has it set up!

10.10.10.95/manager

We don’t have any creds yet, though. I’ll keep on enumerating for a bit and see if we can see anything useful that we can use on the admin panel.

Simply by closing the login prompt window I got this screen, so let’s check out a few options and also maybe try the default creds from a quick Google search.

Hahaha, and we’re in: using the suggested tomcat:s3cret creds dropped me into the admin panel.

Let’s take a look around and see what we can do with the access. It looks like we can upload WAR files to the server. After a quick Google search I found a tutorial for creating WAR file reverse shells in Metasploit. So, without further ado.

We have made a payload; now we will upload it and try to get a reverse shell.

Now, we are in :)

Let’s find the flags. Go to C:\Users\Administrator\Desktop\flags

Now type “2 for the price of 1.txt” and you get your flags.
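
The foothold above came from the Manager app accepting tomcat:s3cret, after which WAR upload was available. As an added example (not part of the original walkthrough), this Python check audits a tomcat-users.xml for accounts that hold manager or host-manager roles with a weak password; the weak-password list and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Roles that grant access to the Manager / Host Manager applications.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                    "manager-status", "admin-gui", "admin-script"}
# Roles that can deploy WAR files (HTML interface and text interface).
DEPLOY_ROLES = {"manager-gui", "manager-script"}
# Constructed deny-list: the password from this walkthrough plus common guesses.
WEAK_PASSWORDS = {"s3cret", "tomcat", "admin", "password", "manager",
                  "changeit", ""}

def audit_tomcat_users(xml_text):
    """Return one finding dict per privileged <user> with a weak password."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] != "user":  # tolerate an XML namespace
            continue
        name = el.get("username", "")
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        privileged = roles & PRIVILEGED_ROLES
        if not privileged:
            continue  # application-only accounts are out of scope here
        reasons = []
        if password.lower() in WEAK_PASSWORDS:
            reasons.append("password on default/weak list")
        if password.lower() == name.lower():
            reasons.append("password equals username")
        if reasons:
            findings.append({"user": name,
                             "roles": sorted(privileged),
                             "can_deploy_war": bool(privileged & DEPLOY_ROLES),
                             "reasons": reasons})
    return findings

# Constructed sample file, not taken from the target box.
SAMPLE = """
<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui,manager-script"/>
  <user username="monitor" password="monitor" roles="manager-status"/>
  <user username="deployer" password="Xq7!constructed-long-value" roles="manager-script"/>
  <user username="app" password="password" roles="appuser"/>
</tomcat-users>
"""

if __name__ == "__main__":
    for f in audit_tomcat_users(SAMPLE):
        print(f)
```

Run it against `conf/tomcat-users.xml` by reading the file and passing its text to `audit_tomcat_users`; any finding with `can_deploy_war` set is an account that could deploy a WAR the way this walkthrough did.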
