Jerry

Jerry - 10.10.10.95

Target Enumeration:

OS: Microsoft Windows Server 2012 R2 Standard

IP: 10.10.10.95

User: 7004dbcef0f854e0fb401875f26ebd00

Root: 04a8b36e1545a455393d067e772fe90e

Vulnerability Exploited:

Default credentials set for tomcat manager running as system user.

Exploiting the host:

Nmap

Dirb

Default credentials for Tomcat login: tomcat: s3cret

Access the tomcat manager app

Create shell

Upload Shell via manager app

Now extract the war file to find the name of the payload

Open a nc listener on port 443 and access .jsp file via a web browser

Now you have an administrator shell

Grab your flags