Jerry -

Target Enumeration:

OS: Microsoft Windows Server 2012 R2 Standard
User: 7004dbcef0f854e0fb401875f26ebd00
Root: 04a8b36e1545a455393d067e772fe90e

Vulnerability Exploited:

Default credentials set for tomcat manager running as system user.

Exploiting the host:

Default credentials for Tomcat login: tomcat: s3cret
Access the tomcat manager app
Create shell
Upload Shell via manager app
Now extract the war file to find the name of the payload
Open a nc listener on port 443 and access .jsp file via a web browser
Now you have an administrator shell
Grab your flags