Jerry
A simple Windows box with weak tomcat credentials.
Last updated
A simple Windows box with weak tomcat credentials.
Last updated
This box can be found .
Initial nmap scan reveals that port 8080 is open. Let's take a look.
It looks like we have tomcat installed. Let's check out the /manager page.
We need to authenticate, let's see if we have some default credentials here. I'll use a Metasploit module (search "tomcat login" to find it) to find this out.
Let's fill the RHOST option and run the module.
We indeed have some default credentials! Let's login and see what we have.
It seems we can upload a .war file here. I'll use msfvenom to generate a reverse shell that we can use to connect to the machine.
Once the .war file generated, we can upload it to the site.
Now, all we have to do is open a terminal on our machine and nc -lnvp 4444. Then, access the endpoint where our shell is located and we should have a shell!
We now have a shell as SYSTEM on the machine! All that's left is finding the flags.
And we have both flags located in the Administrator's Desktop!
