Only one port, 8080, is open.
Checking it in the browser showed an Apache Tomcat web server. We tried to log in with the default password, but nothing worked.
The server also throws an error page that contains a very interesting line related to user credentials.
Using the credentials username="tomcat" and password="s3cret" on Server Status, we are logged in.
We clicked on "List Applications" and found a place to upload a web application as a WAR file.
We created a web application with a built-in reverse shell using msfvenom and uploaded it to the server as a WAR file.
We started an nc listener on the Kali machine, loaded the newly uploaded web application in the browser, and successfully spawned a shell.
Here we have the flags as well.
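The whole chain above depends on a documentation-sample credential being live on an account that can deploy WAR files. The following is an added example, not part of the original write-up: a small audit of a tomcat-users.xml file that flags such accounts. The sample XML is constructed, and every credential pair in SAMPLE_CREDS other than the one shown on the page is an illustrative assumption.

```python
import xml.etree.ElementTree as ET

# Manager roles that allow deploying WAR files (HTML and text interfaces).
DEPLOY_ROLES = {"manager-gui", "manager-script"}
# First pair is the one from the write-up; the other two are illustrative
# assumptions added for this example.
SAMPLE_CREDS = {("tomcat", "s3cret"), ("tomcat", "tomcat"), ("admin", "admin")}

# Constructed sample input, not taken from a real server.
SAMPLE_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui"/>
  <user username="deployer" password="Zq7-constructed-Lm2"
        roles="manager-script, manager-status"/>
  <user username="viewer" password="viewer" roles="manager-status"/>
</tomcat-users>
"""


def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree adds to namespaced tags."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return (username, severity, reason) for each risky <user> entry."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local_name(el.tag) != "user":
            continue
        user = el.get("username", "")
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        # Guessable: a known sample pair, or password identical to username.
        weak = (user, password) in SAMPLE_CREDS or password == user
        can_deploy = bool(roles & DEPLOY_ROLES)
        if weak and can_deploy:
            findings.append((user, "critical", "guessable password on a WAR-deploy role"))
        elif weak:
            findings.append((user, "high", "guessable password"))
        elif can_deploy:
            findings.append((user, "info", "can deploy WARs; restrict Manager access"))
    return findings


if __name__ == "__main__":
    for user, severity, reason in audit_tomcat_users(SAMPLE_XML):
        print(f"{severity:8} {user:10} {reason}")
```

Accounts reported as "info" are not misconfigured by themselves; they mark where access to the Manager application should be limited to trusted hosts.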