Hacking
GithubTwitter
Search…
Hacking
Hacking, Bug Bounties & Penetration Testing
The Hacker Lab
Methodologies
Basic Buffer Overflow
Basic Internal Network test
Basic Mobile Testing guide
Basic Subdomain Enumeration guide
Guides
Build A Raspberry Pi Dropbox
Golang
Powershell / PowerView
Hack The Box last updated - 2019
Legacy
Devel
Optimum
Popcorn
Beep
Tenten
Arctic
Cronos
Grandpa
Granny
October
Lazy
Sneaky
Holiday
Blocky
Shrek
Blue
Joker
Europa
Haircut
Bank
SolidState
Mantis
Shocker
Tally
Sense
Jeeves
Stratosphere
Inception
Bashed
Fluxcapacitor
Canape
Rabbit
Chatterbox
Nibbles
Sunday
Aragog
Valentine
Silo
Olympus
Poison
Celestial
Waldo
Jerry
Access
Active
Netmon
Powered By GitBook
Jerry

Jerry - 10.10.10.95

Target Enumeration:

OS: Microsoft Windows Server 2012 R2 Standard
IP: 10.10.10.95
User: 7004dbcef0f854e0fb401875f26ebd00
Root: 04a8b36e1545a455393d067e772fe90e

Vulnerability Exploited:

Default credentials set for tomcat manager running as system user.

Exploiting the host:

Nmap
Dirb
Default credentials for Tomcat login: tomcat: s3cret
Access the tomcat manager app
Create shell
Upload Shell via manager app
Now extract the war file to find the name of the payload
Open a nc listener on port 443 and access .jsp file via a web browser
Now you have an administrator shell
Grab your flags
Hack The Box last updated - 2019 - Previous
Waldo
Next - Hack The Box last updated - 2019
Access
Last modified 3yr ago
Copy link
Contents
Jerry - 10.10.10.95
Target Enumeration:
Vulnerability Exploited:
Exploiting the host: