Hacking
Hacking
Github
Twitter
Hacking & Penetration Testing
Commands
Methodologies
Buffer Overflow
Internal Network
Mobile Testing
Subdomain Enumeration
Web Application Testing
XSS
OOB
IDOR / PrivEsc
Misc
CSRF
XML
SQL
XML External Entities
Commands
Windows Commands
Guides
Mac OS Build
Build A Raspberry Pi Dropbox
Configuring Burpsuite Pro
BugBounty
Manual SQL Injection
Courses
Hack The Box
Legacy
Devel
Optimum
Popcorn
Beep
Tenten
Arctic
Cronos
Grandpa
Granny
October
Lazy
Sneaky
Holiday
Blocky
Shrek
Blue
Joker
Europa
Haircut
Bank
SolidState
Mantis
Shocker
Tally
Sense
Jeeves
Stratosphere
Inception
Bashed
Fluxcapacitor
Canape
Rabbit
Chatterbox
Nibbles
Sunday
Aragog
Valentine
Silo
Olympus
Poison
Celestial
Waldo
Jerry
Access
Active
Netmon
Powered by GitBook

Jerry

Jerry - 10.10.10.95

Target Enumeration:

OS: Microsoft Windows Server 2012 R2 Standard

IP: 10.10.10.95

User: 7004dbcef0f854e0fb401875f26ebd00

Root: 04a8b36e1545a455393d067e772fe90e

Vulnerability Exploited:

Default credentials set for tomcat manager running as system user.

Exploiting the host:

Nmap

Dirb

Default credentials for Tomcat login: tomcat: s3cret

Access the tomcat manager app

Create shell

Upload Shell via manager app

Now extract the war file to find the name of the payload

Open a nc listener on port 443 and access .jsp file via a web browser

Now you have an administrator shell

Grab your flags

Hack The Box - Previous
Waldo
Next - Hack The Box
Access
Last updated 1 year ago
Contents
Jerry - 10.10.10.95
Target Enumeration:
Vulnerability Exploited:
Exploiting the host: