jerry

Reconnaissance

nmap result:

[*] Nmap: Not shown: 65534 filtered ports
[*] Nmap: PORT STATE SERVICE VERSION
[*] Nmap: 8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1

port 8080 is open and is running an Apache Tomcat server.

there is a default Apache Tomcat landing page on the port. also got the version of the server as Apache Tomcat/7.0.88

ran gobuster on the server, because fuzz everything, to find all endpoints on the server. then again

going to /manager prompts for a username and password.

looked for default credentials for Apache Tomcat with the tomcat_mgr_login Metasploit module.

the credentials username: tomcat, password: s3cret worked.
now have access to the manager panel of Tomcat.

can upload a WAR file here. can try to create a reverse shell exploit with Metasploit and upload it here.

used the tomcat_mgr_upload module of Metasploit to get a reverse shell on my local machine.

got the flags, 2 for 1.
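
What the chain above (credential guessing against /manager, then a WAR upload) looks like from the defender's side in the Tomcat access log. This is an added example, not part of the original writeup: the log lines are constructed in Tomcat's default common log pattern, and `analyze`, `FAIL_THRESHOLD` and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Tomcat's default "common" access-log pattern
# (%h %l %u %t "%r" %s %b); addresses, sizes and timestamps are made up.
SAMPLE_LOG = """\
192.0.2.50 - - [12/Dec/2020:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.50 - - [12/Dec/2020:10:00:02 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.50 - - [12/Dec/2020:10:00:03 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.50 - tomcat [12/Dec/2020:10:00:04 +0000] "GET /manager/html HTTP/1.1" 200 17540
192.0.2.50 - tomcat [12/Dec/2020:10:02:10 +0000] "POST /manager/html/upload HTTP/1.1" 200 19012
192.0.2.7 - admin [12/Dec/2020:11:00:00 +0000] "GET /manager/html HTTP/1.1" 200 17540
192.0.2.9 - - [12/Dec/2020:11:05:00 +0000] "GET /docs/ HTTP/1.1" 200 1200
"""

LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
DEPLOY = re.compile(r'^/manager/(html/upload|text/deploy)')  # Manager deploy endpoints
FAIL_THRESHOLD = 3  # assumed tuning value: 401s tolerated before a login is suspicious

def analyze(log_text):
    """Return {source_ip: [findings]} for Manager-app activity in an access log."""
    fails = defaultdict(int)      # consecutive 401s per source on /manager
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # skip lines that are not in the expected pattern
        ip, user, method, path, status = m.groups()
        if not path.startswith("/manager"):
            continue
        if int(status) == 401:
            fails[ip] += 1
        elif int(status) < 400 and user != "-":
            # Authenticated request: suspicious if it follows a run of failures.
            if fails[ip] >= FAIL_THRESHOLD:
                findings[ip].append(f"login as '{user}' after {fails[ip]} failed attempts")
            fails[ip] = 0
            # A deployment is flagged even when the first guess succeeded.
            if method in ("POST", "PUT") and DEPLOY.match(path):
                findings[ip].append(f"WAR deployment by '{user}' via {path}")
    return dict(findings)

if __name__ == "__main__":
    for ip, notes in analyze(SAMPLE_LOG).items():
        for note in notes:
            print(ip, note)
```

Restricting /manager to admin source addresses and removing the default account from tomcat-users.xml closes the path; the log check is the backstop.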

2020-12-12
