Pen-testing: HackTheBox— Jerry Walkthrough

Syscall59
Syscall59
Nov 17, 2018 · 2 min read

As usual, we can start with an nmap scan :

Going to tcp:8080 we see a tomcat server in which we are able to log in using the default credentials “tomcat:s3cret”. We can easily find default/common credentials on the internet. This time, in particular, I got them from here

this is how the management screen looks like after we log in

As we now have full control over the server we can generate a .war payload using msfvenom, deploy that and get a session:

getting the payload
here’s where you can upload/deploy new .war files

Once the payload is deployed we have to start a multi/handler listener on our machine to catch the session, then go to 10.10.10.95:8080/deploy and get our meterpreter session running as SYSTEM!

And that’s it! We got root!


syscall59

Shellcode for the masses

Syscall59

Written by

Syscall59

Twitter: @syscall59 | medium.syscall59.com | syscall59@protonmail.com

syscall59

syscall59

Shellcode for the masses