Jerry

Gaining Access

Nmap scan:

There is a vulnerable version of Tomcat running on this machine

Tomcat RCE

The Tomcat instance here is vulnerable to RCE. To exploit this, we would need access to the /manager endpoint to upload WAR reverse shells.

For this, we can attempt to access it to see the default credentials.

Was a bit lazy, hence used msf to solve this box and gain a root shell instantly.

PreviousIrkedNextKnife