JERRY
- Layout for this exercise:

1 - INTRODUCTION
- The goal of this exercise is to develop a hacking process for the vulnerable machine Jerry, which is a retired machine from the Hack The Box pentesting platform:
https://www.hackthebox.eu
2 - ENUMERATION
- Jerry's IP is 10.10.10.95:

- Scanning with Nmap shows only one open port, 8080:

- Scanning deeper:

- So we have a web server running Apache-Coyote Tomcat 7.0.88 JSP engine 1.1 on port 8080.
- Connecting with the browser:

- Clicking any tab prompts the user with a login form:

- However, when clicking Cancel the response is a 401 Unauthorized error page that reveals credential information like tomcat:s3cret
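
- The root cause here is configuration: an account allowed into Tomcat's management application uses the password shown on the 401 page. As an added example (not part of the original write-up), this Python check audits a `conf/tomcat-users.xml` for such accounts; the sample file, the weak-password entries other than `s3cret`, and the 12-character minimum are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of conf/tomcat-users.xml (not taken from the target host).
SAMPLE_USERS_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <user username="tomcat" password="s3cret" roles="manager-gui,manager-script"/>
  <user username="deploy" password="Xk9#vTq2!mLw7$Rb" roles="manager-script"/>
  <user username="admin" password="admin" roles="admin-gui"/>
  <user username="viewer" password="viewer" roles="reports"/>
</tomcat-users>"""

# Roles that grant access to Tomcat's management web applications.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                    "manager-status", "admin-gui", "admin-script"}
# Passwords to reject: the one from this write-up plus constructed examples.
WEAK_PASSWORDS = {"s3cret", "tomcat", "admin", "password", "changeme", ""}
MIN_LENGTH = 12  # assumed local policy, adjust as needed


def audit_tomcat_users(xml_text):
    """Return (username, privileged roles, reasons) for each risky account."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Compare the local tag name so files with and without xmlns both work.
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        # Older files use name= instead of username=.
        user = elem.get("username") or elem.get("name") or ""
        password = elem.get("password", "")
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        privileged = sorted(roles & PRIVILEGED_ROLES)
        if not privileged:
            continue  # account has no management role
        reasons = []
        if password.lower() in WEAK_PASSWORDS:
            reasons.append("known default or weak password")
        if password.lower() == user.lower():
            reasons.append("password equals username")
        if len(password) < MIN_LENGTH:
            reasons.append("shorter than %d characters" % MIN_LENGTH)
        if reasons:
            findings.append((user, privileged, reasons))
    return findings


if __name__ == "__main__":
    for user, roles, reasons in audit_tomcat_users(SAMPLE_USERS_XML):
        print("%s [%s]: %s" % (user, ", ".join(roles), "; ".join(reasons)))
```

Accounts without a management role are skipped on purpose, so the output lists only the logins that would open the manager or host-manager applications.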

3 - EXPLOITATION
- Another way to find valid credentials would be to use Metasploit's auxiliary module tomcat_mgr_login:

- Setting options:

- Running the module, after a while the same credentials as before are finally found:
.......................

- Metasploit provides a module to exploit an Apache Tomcat server with an exposed "manager" application:

- Using this module:

- Setting options (using the exposed credentials tomcat:s3cret) and running the exploit, we get a Meterpreter session:


- Spawning a shell:

4 - CAPTURING THE FLAGS
- In this case both flags are in the same text file:
