Hack The Box Jerry WalkThrough

The first step is to perform enumeration on the box using nmap

Seems like we got a web application run on apache tomacat

from the 3 main function “Manager app” links looks interesting. Clicking on it we get a dialogue box for authentication.

We can try the default credentials “admin” & “admin” as username and password. The credential failed but we got user credentials in the error message.

We logged in using the credentials and see a field where we can upload malware and perform an exploit

We looked into metasploit of they have any exploit for the manager upload exploit we can see that there is an exploit

“exploit/multi/http/tomcat_mgr_upload”

we selected the exploit and entered the credentials, RPORTand LHOST and RHOSTS into the options

We gained meterpreter shell into the box and checked the user we own

Now we traverse the whole system to find the text files containing

We see that we found a file within the flag folder on desktop we cas use the below command to view the file

type “2 for the price of 1.txt”