Attacking Common Applications - Attacking Tomcat

HTB Content Academy
1

Hey all, im currently stuck on attacking tomcat in the attacking common applications module.

I’ve managed to do everything but find the final flag.txt. I got access to a web shell, but after searching all locations that i would see as valuable directories, i cannot find the flag.

I’ve also skimmed through other directories like bin, etc, opt, tmp, to see if there’s anything but no luck.

Is it possible that i’ve ended up in the wrong location with the web shell or i’m just looking in the wrong place?

Thanks

1 Like
2

Hey, did you find folder tomcat is running?

4

some files are hidden

5

If you can’t find password, just reset the host “IP”
and do login brute force again, you should now get it

for the flag you can find it in /opt/tomcat/____/____/____/____/
or you can use search in Meterpreter