HacktheBox.eu - Jerry - Update

Recon

Let's use threader3000 for our recon scan. It's a threaded scanner written in Python that does a super quick up/down scan on all TCP ports, then suggests an nmap scan based on the results.

It will automatically save the nmap scan results as XML, which we can then convert to HTML:

xsltproc ./jerry.htb/jerry.htb.xml -o ./jerry.html

Ouch, not a lot to go on here. We just have port 8080 running Apache Tomcat/Coyote JSP version 1.1.

Let's see if we can browse to the site. Looks like a generic Apache Tomcat page. There is authentication required for the buttons on the right.

We get this error message. It looks like the default user/pass should be tomcat/s3cret.

If we try this, it does look like it works, and we can get some more information about this box. Looks like we have a 64-bit Windows Server 2012 R2 box.

Google around for Tomcat 7.0.88 exploit and you will come across this blog: https://www.ethicaltechsupport.com/blog-post/apache-tomcat-war-backdoor/
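The tomcat/s3cret login above worked because the account from Tomcat's error page was left enabled with a manager role. As an added example (not part of the original write-up), here is one way to audit conf/tomcat-users.xml for that condition; the function name, the sample file and the short default-password list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of conf/tomcat-users.xml; only tomcat/s3cret comes from the write-up.
SAMPLE_USERS_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui,manager-script"/>
  <user username="deploy" password="Xk9#long-random-value" roles="manager-script"/>
  <user username="monitor" password="monitor" roles="manager-status"/>
  <user username="admin" password="" roles="admin-gui"/>
</tomcat-users>"""

# Assumed short list of commonly left-in passwords; extend it for your environment.
KNOWN_DEFAULTS = {"s3cret", "tomcat", "admin", "password", "manager"}
# Tomcat roles that allow deploying or administering applications.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                    "admin-gui", "admin-script"}


def audit_tomcat_users(xml_text):
    """Return (username, severity, reason) for every weak account found."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # Tomcat 7 files have no namespace, newer ones do: compare local names.
        if el.tag.rsplit("}", 1)[-1] != "user":
            continue
        name = el.get("username", "")
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        privileged = sorted(roles & PRIVILEGED_ROLES)
        if password == "":
            reason = "empty password"
        elif password.lower() in KNOWN_DEFAULTS:
            reason = "documented default password"
        elif password.lower() == name.lower():
            reason = "password equals username"
        else:
            continue  # nothing obviously weak about this account
        # A weak password matters most when the account can deploy applications.
        severity = "HIGH" if privileged else "MEDIUM"
        if privileged:
            reason += "; privileged roles: " + ", ".join(privileged)
        findings.append((name, severity, reason))
    return findings


if __name__ == "__main__":
    for user, severity, reason in audit_tomcat_users(SAMPLE_USERS_XML):
        print(f"[{severity}] {user}: {reason}")
```

Any HIGH finding is an account that can reach the manager or admin applications with a guessable password, which is the exact condition this box relies on.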
@circusmonkey404 on the twitters; DM for contact