Today we will be doing Hack The Box’s Jerry, since Tom wasn’t available to play with. I thought I would try something different, so I downloaded AutoRecon.
AutoRecon is an excellent tool for scanning. It might be a bit slow, but it does a lot. So yeah, I think if you have enough time on your hands, it’s an excellent tool to check out.
As you can see, it started scanning using different programs. It took me around 33 minutes. 33 minutes is a lot, but it depends. I gave only 2 GB of RAM to Kali, which might be one reason it was slow. But overall I think it’s an excellent tool.
So we got a few directories we need to check.
It was password protected, but as soon as I hit cancel, the default username and password were there. At first, I thought it wouldn’t work, but I gave it a try and I was in.
Found a place to upload a WAR file. It’s always nice to see these kinds of things out in the open.
I generated a reverse shell using msfvenom, uploaded it, and ran it with netcat listening for it.
I didn’t have to escalate privileges since it went straight to an administrative user.
There was nothing special in this box, but I didn’t know much about Apache Tomcat, so I learned something new.