HTB Windows Easy: Jerry

Jerry is an Easy rated Windows machine on HTB.

Nmap scan


Initial Foothold

Web enumeration (port 8080)

The /manager directory is found whilst doing directory busting.

Visiting /manager results in a basic HTTP auth login prompt.

The default credentials tomcat:s3cret work to log in. In Metasploit, we can use these credentials for an authenticated upload code execution vulnerability.
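A defender-side check for the weakness found above, as an added example that is not part of the original write-up: it audits a `tomcat-users.xml` for accounts that hold Manager or Host Manager roles with a deny-listed or username-equal password. The sample file, the deny-list and the function names are constructed for illustration; only `tomcat:s3cret` comes from this post.

```python
import xml.etree.ElementTree as ET

# Constructed sample tomcat-users.xml; only tomcat:s3cret is taken from the write-up.
SAMPLE_TOMCAT_USERS = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="tomcat" password="s3cret" roles="manager-gui,manager-script"/>
  <user username="deployer" password="Xq7#vL2p-constructed-long-value" roles="manager-script"/>
  <user username="monitor" password="monitor" roles="manager-status"/>
  <user username="viewer" password="tomcat" roles="app-readonly"/>
</tomcat-users>
"""

# Assumption: a small constructed deny-list; extend it with your own weak-password list.
DENYLISTED_PASSWORDS = {"s3cret", "tomcat", "admin", "password", "changeit", ""}
# Role prefixes that grant access to the Manager / Host Manager applications
# (manager-gui, manager-script, manager-status, admin-gui, ...).
PRIVILEGED_PREFIXES = ("manager", "admin")


def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree adds to namespaced tags."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return one finding per privileged account with a weak password."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for elem in root.iter():
        if local_name(elem.tag) != "user":
            continue
        username = elem.get("username") or elem.get("name") or ""
        password = elem.get("password", "")
        roles = [r.strip() for r in elem.get("roles", "").split(",") if r.strip()]
        privileged = [r for r in roles if r.startswith(PRIVILEGED_PREFIXES)]
        if not privileged:
            continue  # weak password, but no access to the management apps
        reasons = []
        if password.lower() in DENYLISTED_PASSWORDS:
            reasons.append("deny-listed password")
        if password.lower() == username.lower():
            reasons.append("password equals username")
        if reasons:
            findings.append({"user": username, "roles": privileged, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_tomcat_users(SAMPLE_TOMCAT_USERS):
        print(finding)
```

Run it against the real file under the Tomcat `conf` directory by passing the file's contents to `audit_tomcat_users`; any finding means the account should get a unique password or lose its management role.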

Gain shell using Metasploit

Select and configure exploit.

Run the exploit to gain a shell.

Get the flags.

You have PWNED!!!

This post is licensed under CC BY 4.0 by the author.