Pen-testing: HackTheBox— Jerry Walkthrough

Syscall59
Syscall59
Nov 17, 2018 · 2 min read

As usual, we can start with an nmap scan :

Going to tcp:8080 we see a tomcat server in which we are able to log in using the default credentials “tomcat:s3cret”. We can easily find default/common credentials on the internet. This time, in particular, I got them from here

this is how the management screen looks like after we log in

As we now have full control over the server we can generate a .war payload using msfvenom, deploy that and get a session:

getting the payload
here’s where you can upload/deploy new .war files

Once the payload is deployed we have to start a multi/handler listener on our machine to catch the session, then go to 10.10.10.95:8080/deploy and get our meterpreter session running as SYSTEM!

And that’s it! We got root!


syscall59

Hacking/Infosec writeups and articles

Syscall59

Written by

Syscall59

Twitter: @syscall59 | medium.syscall59.com | syscall59@protonmail.com

syscall59

syscall59

Hacking/Infosec writeups and articles

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade