Heartbleed came out not long after the time I began my journey into the security side of the house. I recall a box that I believe was vulnerable to the the Heartbleed attack but I wasn't seasoned enough to know what to do with it.
When I saw the name Valentine on this box, I knew it was a clue -- most of the names ARE clues but I didn't hone in on it until I saw the main page for the website.
The description of this box states:
"DC-1 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing. It was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn."
I think this definitely falls into the beginner category. The entry is fairly obvious, hone that down to a specific vulnerability and you have your in. From there, enumerate carefully. Find the nugget and then figure out how to use it to your advantage.
That's all I'm saying for now...
Better late than never, I guess. I wanted to write this up a while back but I got distracted and by the time I returned to my notes, I felt like I'd lost the flow. I had the screenshots but when I looked at it, I could remember that I wanted to discuss a few points but I couldn't remember exactly what. Rather than just upload the images with some text, I decided to go back through it once more. But then I had an issue with the server where it was living and I ended up rebuilding the image. So it's been awhile. Moving on...
According to Wiki: "GlassFish is an open-source application server project started by Sun Microsystems for the Java EE platform and now sponsored by Oracle Corporation. The supported version is called Oracle GlassFish Server."
When I began poking around, the avenues of attack for GlassFish felt similar to Tomcat. When I searched for the difference, I came up with: "Tomcat is simply an HTTP server and a Java servlet container. Glassfish is a complete Java EE application server." So not exactly the same but perhaps they were built with a similar style.