HackTheBox: Jerry Tomcat - Creds in Error Writeup
HackTheBox - Jerry
First, let's run nmap. The machine being named Jerry gave me an idea this would be a Tomcat server. Personally, I have never developed on a Tomcat server. I saw some during my pentest internship. I thought it was old technology, but it looks like the latest Tomcat Server update was 7 days ago.
I took Tomcat 7.0.88 and pasted that into Google. There is a CVE called "Tomcat RCE via JSP Upload Bypass", CVE-2017-12617. The Metasploit module didn't work for me. I downloaded a Python script. It said my Tomcat server wasn't vulnerable.
I started googling default creds for the Tomcat server. I hit cancel and got this error. I tried tomcat/s3cret as the username and password. That worked! Don't have your username and password in the error log :\
I then made a reverse shell and uploaded it as a WAR file.
I was automatically NT AUTHORITY\SYSTEM and could see the Administrator folder on Windows.
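
On the defensive side, the whole chain above depends on a Manager account still using the tomcat/s3cret pair. The following is an added example (not part of the original writeup) that audits a `tomcat-users.xml` for such accounts; the deny-list, the function names and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Manager roles that permit deploying a WAR (HTML GUI and text interface).
DEPLOY_ROLES = {"manager-gui", "manager-script"}
# Constructed deny-list; tomcat/s3cret is the pair from this writeup.
KNOWN_DEFAULTS = {("tomcat", "s3cret"), ("tomcat", "tomcat"),
                  ("admin", "admin"), ("admin", "")}
WEAK_PASSWORDS = {p for _, p in KNOWN_DEFAULTS} | {"password", "changeit"}

# Constructed sample config. The commented-out user must NOT be reported.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <!-- <user username="admin" password="admin" roles="manager-gui"/> -->
  <role rolename="manager-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui,manager-script"/>
  <user username="monitor" password="monitor" roles="manager-status"/>
  <user username="deploy" password="k7#Vq9!xLm2@pR" roles="manager-script"/>
</tomcat-users>"""


def local(tag):
    """Strip an XML namespace so namespaced and plain files both parse."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return (username, severity, reason) findings for a tomcat-users.xml."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "user":
            continue
        name = el.get("username") or el.get("name") or ""
        pw = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        can_deploy = bool(roles & DEPLOY_ROLES)  # account could upload a WAR
        if (name, pw) in KNOWN_DEFAULTS:
            sev = "critical" if can_deploy else "high"
            findings.append((name, sev, "known default credential pair"))
        elif pw in WEAK_PASSWORDS or pw == name:
            sev = "high" if can_deploy else "medium"
            findings.append((name, sev, "weak or guessable password"))
    return findings


if __name__ == "__main__":
    for user, severity, reason in audit_tomcat_users(SAMPLE):
        print(f"[{severity}] {user}: {reason}")
```

A "critical" finding means the account both matches a known pair and holds a role that can deploy applications, which is exactly the combination used on this box.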