Jerry machine is a vulnerable machine with Windows operating system among retired machines. It is expected to obtain user and root flags using these vulnerabilities.
Let’s perform a network scan with nmap to recognize the target machine.
Classic scan

Full port scan

As a result of network scanning we found that port 8080/tcp http Apache Tomcat/Coyote JSP engine 1.1 is open.
Here we are doing enumeration on port 8080.

We did not find much information here, let’s see if there are hidden files and directories with gobuster

Here we note that the /manager directory gives the default login screen.

Here we search for default passwords

The Github repo is remarkable
Here we are faced with a list of passwords, we try these

We saw that the Credential information was correct and you were able to log in

Here we create a payload in war file format using msfvenom to give us revershell, upload it to the other machine and listen to it in the back with nc and then run the payload we uploaded.

Then click on the created shell

we got shell on user nt authority\system
here we searched for user and root flags but could not find any interesting 😊

We saw the file “2 for the price of 1.txt” in the adminstrator desktop directory and when we read it we got 2 flags together.