11 April 2021

Pentesting Fun Stuff

following the cyber security path…


Starting with a port scan.

That’s not much. Looks like a Apache Tomcat server is running. When looking at the main page there is a version number.

I forgot the -O flag. From the htb page I knew it was a windows machine, but nmap thinks it is running on a Windows server 2012 (R2).

Its version is “Version 7.0.88, May 7 2018”.

Looks like the enumeration tool found some credentials.

On this page there is an option to upload a war file.

wow…..that was quick.
Now for the flags.

And done.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.