Vulnhub My Tomcat Host: 1 Walkthrough

    The description states: "Welcome to 'My Tomcat Host'.  This boot to root VM is designed for testing your basic enumeration skills and concepts."

    This is definitely a beginner box but as always, if you haven't played with the technology, it's new and could therefore be confusing. What I like about this box is that it sticks with the theme. 

    We kick off with Nmap:

    We sort of know where this is headed already given the title of the box but we'll scan it with Nikto for good measure:

    Meanwhile, we open a browser to port 8080 and I'm heading straight to /manager because I have an idea as to where this is headed:

    If you search for "Tomcat Users and Passwords", you will come across a number of posts that give possible default credentials for various versions of Tomcat.  Among them is:

    tomcat : tomcat

    When we enter the credentials into the above box, we get:
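    On the defending side, the root cause here is a manager account still carrying its default credentials. As an added example (not part of the original walkthrough), this Python script audits a Tomcat `tomcat-users.xml` and flags any account holding a manager or admin role whose password is empty, equal to the username, or short; the XML content is constructed for the demo.

```python
import xml.etree.ElementTree as ET

# Constructed sample tomcat-users.xml, modelled on the finding in the
# walkthrough: a "tomcat" account whose password is also "tomcat" and
# which holds the roles needed to deploy WAR files via /manager.
SAMPLE_TOMCAT_USERS = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="tomcat" password="tomcat" roles="manager-gui,manager-script"/>
  <user username="deploy" password="" roles="manager-script"/>
  <user username="alice" password="Zq8!v2Lk#pW" roles="manager-gui"/>
  <user username="guest" password="guest" roles=""/>
</tomcat-users>
"""

# Roles that allow deploying or administering applications through the
# manager / host-manager web apps; these are the accounts worth auditing.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx", "admin-gui"}
MIN_PASSWORD_LENGTH = 12  # policy threshold, an assumption for this example


def audit_tomcat_users(xml_text):
    """Return a list of (username, reason) findings for weak privileged accounts."""
    root = ET.fromstring(xml_text)
    findings = []
    for element in root.iter():
        # Strip the XML namespace so both namespaced and plain files work.
        if element.tag.split("}")[-1] != "user":
            continue
        name = element.get("username", "")
        password = element.get("password", "")
        roles = {r.strip() for r in element.get("roles", "").split(",") if r.strip()}
        if not roles & PRIVILEGED_ROLES:
            continue  # unprivileged accounts cannot reach the manager app
        if password == "":
            findings.append((name, "empty password on privileged account"))
        elif password == name:
            findings.append((name, "password equals username on privileged account"))
        elif len(password) < MIN_PASSWORD_LENGTH:
            findings.append((name, "short password on privileged account"))
    return findings


if __name__ == "__main__":
    for user, reason in audit_tomcat_users(SAMPLE_TOMCAT_USERS):
        print(f"{user}: {reason}")
```

Run it against the real file under the Tomcat configuration directory (usually `conf/tomcat-users.xml`) to confirm no privileged account would fall to the credential guess shown above.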

    From here we can upload a shell; we just need to generate it with msfvenom:

    Now we can upload it into the Tomcat UI:

    We select Deploy:

    With our handler set up, we click the link:

    And we catch our shell.  Enumerating the box, we run sudo -l and we discover:

    This is what I like about the box - we are continuing with the Tomcat / Java theme.  We are able to execute this java binary with root privileges.  We need another shell, this time a .jar file which we will create with msfvenom:

    We move our .jar file over with Curl and we execute it with Java:

    With our handler set up:

    That's a wrap!  Fun box and great if you've never played with Tomcat and Java.

    © 2020