HTB Jerry writeup
Apr 11, 2022
Another old machine, but it’s always good to practice and learn new things.
1. Add Jerry to our /etc/hosts file
2. Run nmap to see entry points
3. Visit URL since this box doesn’t have much open
4. Use DuckDuckGo (or your search engine of choice) to try default Tomcat creds
5. Success
6. We have the ability to upload war files. Let’s craft a payload with msfvenom
7. Upload our .war file
8. Set up a netcat listener on our local machine (or VM): nc -nvlp 4444 (or whatever open port you specified in Step 6). Then click on /shell in the Tomcat UI
9. Poke around until you find that the C:\Users\Administrator\Desktop path has a nice text file for us
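From the defender's side, steps 5 to 8 leave a recognizable trail in Tomcat's access log: an authenticated deployment through the Manager app, followed by the first request to a context path that did not exist before. The detection below is an added example, not part of the original writeup; it assumes Tomcat's "common" access-log pattern, and the log lines, the 10-minute window and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Tomcat's "common" pattern (%h %l %u %t "%r" %s %b).
SAMPLE_LOG = """\
10.10.14.5 - - [11/Apr/2022:10:01:02 +0000] "GET /manager/html HTTP/1.1" 401 2473
10.10.14.5 - tomcat [11/Apr/2022:10:01:30 +0000] "GET /manager/html HTTP/1.1" 200 19432
10.10.14.5 - tomcat [11/Apr/2022:10:03:10 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=ABC123 HTTP/1.1" 200 20011
10.10.14.5 - - [11/Apr/2022:10:03:40 +0000] "GET /shell/ HTTP/1.1" 200 0
192.168.1.20 - - [11/Apr/2022:10:05:00 +0000] "GET /docs/ HTTP/1.1" 200 1500
"""

LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
# Manager endpoints that deploy a WAR: the HTML upload form and the text interface.
DEPLOY = re.compile(r'^/manager/(html/upload|text/deploy)\b')

def context_root(path):
    """Return the first path segment, e.g. '/shell/index.jsp?x=1' -> '/shell'."""
    return "/" + path.split("?", 1)[0].lstrip("/").split("/", 1)[0]

def find_deploy_then_hit(log_text, window=timedelta(minutes=10)):
    """Flag a client that deploys via the Manager and then requests a context
    path never seen earlier in the log, within `window` of the deployment."""
    seen_roots, deploys, alerts = set(), {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, user, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        root = context_root(path)
        if method in ("POST", "PUT") and DEPLOY.match(path) and status == "200":
            deploys[ip] = (when, user)  # remember who deployed and when
        elif ip in deploys and root not in seen_roots and when - deploys[ip][0] <= window:
            alerts.append({
                "client": ip,
                "deployed_by": deploys[ip][1],
                "new_context": root,
                "seconds_after_deploy": int((when - deploys[ip][0]).total_seconds()),
            })
        seen_roots.add(root)
    return alerts

if __name__ == "__main__":
    for alert in find_deploy_then_hit(SAMPLE_LOG):
        print(alert)
```

The durable fix is upstream of the log: replace any default account in tomcat-users.xml and restrict who can reach /manager at all.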