Next cab off the rank when sorted by Pwnage is Jerry (after Lame). Again, I went into this one blind.
We’ve got one port only, 8080. This appears to be Windows, based on the TTL.
We’ve got Apache Tomcat 7.0.88, and as we will soon see, it’s running on Windows Server 2012 R2.
7.0.88 is supposed to be vulnerable to a few things, in particular CVE-2019-0232. I try the Metasploit module but it doesn’t seem to want to work.
We can log into the Manager app with default creds, namely tomcat:s3cret. There is an authenticated MSF module but I don’t just want to sit here yeeting Metasploit at everything. Let’s go manual:
We can upload and deploy our WAR file using the Manager App in the browser, and with a listener:
Another fairly easy one. They aren’t this easy anymore!
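What made this box easy is the default Manager credential, so the defensive counterpart is to audit `tomcat-users.xml` for it. The following is an added example, not part of the original write-up: it flags accounts that hold a WAR-deploy-capable Manager role and use either the pair seen above or a password equal to the username. The function name, the constants and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Manager roles that permit deploying a WAR (HTML upload form / text interface).
DEPLOY_ROLES = {"manager-gui", "manager-script"}
# The credential pair from this write-up; extend with your own deny-list.
KNOWN_DEFAULTS = {("tomcat", "s3cret")}

# Constructed sample tomcat-users.xml. Tomcat 8+ adds the xmlns attribute,
# Tomcat 7 files have none; the audit below handles both.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui, admin-gui"/>
  <user username="deployer" password="deployer" roles="manager-script"/>
  <user username="monitor" password="monitor" roles="manager-status"/>
  <user username="ops" password="Zq7!constructed-Value" roles="manager-gui"/>
</tomcat-users>
"""

def audit_tomcat_users(xml_text):
    """Return (username, deploy_roles, reason) for each risky account."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # Strip an optional "{namespace}" prefix from the tag name.
        if el.tag.rsplit("}", 1)[-1] != "user":
            continue
        name = el.get("username", "")
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        deploy = sorted(roles & DEPLOY_ROLES)
        if not deploy:
            continue  # cannot deploy a WAR through the Manager app
        if (name, password) in KNOWN_DEFAULTS:
            reason = "known default credential"
        elif password.lower() == name.lower():
            reason = "password equals username"
        else:
            continue
        findings.append((name, deploy, reason))
    return findings

if __name__ == "__main__":
    for user, roles, reason in audit_tomcat_users(SAMPLE):
        print(f"{user}: {', '.join(roles)} ({reason})")
```

Run it against the real `conf/tomcat-users.xml` by passing the file's contents to `audit_tomcat_users`; any finding means the account should get a new password or lose the Manager role.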