Hack The Box :: Jerry
Published in
Oct 16, 2020
Default credentials
Run nmap and get the service running on 8080
dirb to get the folders in particular /manager
Cancelling the basic http auth box gives us the default credentials and they work. The manager page gives us the option to upload a war file.
Lets generate the war reverse shell using msfvenom
And run the uploaded war file
And we get system shell.