Jerry is a vulnerable Windows machine among the retired machines. The goal is to obtain the user and root flags by exploiting its vulnerabilities.
Let's perform a network scan with nmap to identify the target machine.
Classic scan
Full port scan
The network scan shows that port 8080/tcp is open, serving HTTP on Apache Tomcat/Coyote JSP engine 1.1.
Next we enumerate port 8080.
We did not find much information here, so let's look for hidden files and directories with gobuster.
We note that the /manager directory presents the default login screen.
We search for default passwords.
The GitHub repo is notable.
It gives us a list of passwords, and we try them.
This pair works:
Tomcat:s3cret
The credentials were correct and we were able to log in.
Next we use msfvenom to create a payload in WAR file format that gives us a reverse shell, upload it to the target machine, start a listener with nc, and then run the payload we uploaded.
Then we click on the shell we created.
We got a shell as the user nt authority\system.
We searched for the user and root flags but could not find anything interesting 😊
We saw the file “2 for the price of 1.txt” in the Administrator desktop directory, and when we read it we got both flags together.
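From the defender's side, the sequence above (password guessing against /manager, a successful login, then a WAR upload) is visible in Tomcat's access log. The following added example, which is not part of the original write-up, flags that sequence per source address; it assumes the `common` AccessLogValve pattern, and the log lines, IP addresses and verdict labels are constructed.

```python
import re
from collections import defaultdict

# Assumed format: Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# Manager endpoints that deploy an application (HTML form upload, text API deploy).
DEPLOY = re.compile(r'^/manager/(html/upload|text/deploy)\b')

# Constructed sample log lines (not taken from the original page).
SAMPLE_LOG = '''\
10.0.0.5 - - [10/Nov/2018:10:01:02 +0000] "GET /manager/html HTTP/1.1" 401 2473
10.0.0.5 - - [10/Nov/2018:10:01:05 +0000] "GET /manager/html HTTP/1.1" 401 2473
10.0.0.5 - - [10/Nov/2018:10:01:09 +0000] "GET /manager/html HTTP/1.1" 401 2473
10.0.0.5 - tomcat [10/Nov/2018:10:01:14 +0000] "GET /manager/html HTTP/1.1" 200 19210
10.0.0.5 - tomcat [10/Nov/2018:10:02:40 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=AAAA HTTP/1.1" 200 21004
10.0.0.9 - admin [10/Nov/2018:11:00:00 +0000] "GET /manager/html HTTP/1.1" 200 19210
10.0.0.7 - - [10/Nov/2018:11:30:00 +0000] "GET /index.jsp HTTP/1.1" 200 11398
'''

def analyze(log_text, fail_threshold=3):
    """Return {source_ip: verdict} for suspicious /manager activity."""
    state = defaultdict(lambda: {"fails": 0, "user": None, "deploys": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m["path"].startswith("/manager/"):
            continue  # skip unparsable lines and non-manager traffic
        s, status = state[m["ip"]], int(m["status"])
        if status == 401:
            s["fails"] += 1  # rejected or missing credentials
        elif status == 200 and m["user"] != "-":
            s["user"] = m["user"]  # authenticated manager request
            if m["method"] in ("POST", "PUT") and DEPLOY.match(m["path"]):
                s["deploys"].append(m["ts"])
    findings = {}
    for ip, s in state.items():
        guessed = s["fails"] >= fail_threshold and s["user"] is not None
        if s["deploys"]:
            findings[ip] = "HIGH: deploy after guessing" if guessed else "REVIEW: deploy"
        elif guessed:
            findings[ip] = "MEDIUM: login after repeated 401s"
    return findings

if __name__ == "__main__":
    for ip, verdict in analyze(SAMPLE_LOG).items():
        print(ip, verdict)
```

Any hit on a manager deploy endpoint from an address that is not an administration host deserves review even without preceding 401s, since default credentials succeed on the first attempt.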