HackTheBox: Jerry Tomcat - Creds in Error Writeup

HackTheBox - Jerry

First, lets run nmap. The machine being named Jerry gave me an idea this would be a Tomcat server. Personally I have never developed on a Tomcat server. I saw some during my pentest internship. I thought it was old technology but it looks like the latest Tomcat Server update was 7 days ago.

I took Tomcat 7.0.88 and pasted that into Google. There is a CVE called "Tomcat RCE via JSP Upload Bypass" CVE-2017-12617. The metasploit module didn't work for me. I download a python script. It said my Tomcat server wasn't vulnerable.

I start googling default creds for the Tomcat Server. I hit cancel and got this error. I tried tomcat/s3cret as the username and password. That worked! Don't have your username and password in the error log :\

I then made a reverse shell and uploaded it was a WAR file.

I was automatically NT/System and could see the Administrator folder on Windows.

Comments

Popular posts from this blog

Palo Alto for GNS3 CCDC Tutorial

Trace Labs Global Missing Persons CTF V

Release of CCDC ISE Manager Website