Vulnhub My Tomcat Host: 1 Walkthrough

The description states: "Welcome to 'My Tomcat Host'.  This boot to root VM is designed for testing your basic enumeration skills and concepts."

This is definitely a beginner box but as always, if you haven't played with the technology, it's new and could therefore be confusing. What I like about this box is that it sticks with the theme. 

We kick off with Nmap:

We sort of know where this is headed already given the title of the box but we'll scan it with Nikto for good measure:

Meanwhile, we open a browser to port 8080 and I'm heading straight to /manager because I have an idea as to where this is headed:

If you search for "Tomcat Users and Passwords", you will come across a number of posts that will give you some possible default credentials for various versions of Tomcat.  Among them will be --

tomcat : tomcat

When we enter the credentials into the above box, we get:

From here, we can upload a shell, we just need to generate said shell with msfvenom:

Now we can upload it into the Tomcat UI:

We select Deploy:

With our handler setup, we click the link:

And we catch our shell.  Enumerating the box, we run sudo -l and we discover:

This is what I like about the box - we are continuing with the Tomcat / Java theme.  We are able to execute this java binary with root privileges.  We need another shell, this time a .jar file which we will create with msfvenom:

We move our .jar file over with Curl and we execute it with Java:

With our handler setup:

That's a wrap!  Fun box and great if you've never played with Tomcat and Java.