Ocelot Security

Search

Skip to content

[root@ocelot]-[~]$ whoami Ocelot Security

Search for:

Jerry

June 17, 2021 Ocel0t Leave a comment

Jerry is pretty easy but provides a great example as to the dangers of default credentials

Start with an nmap scan.

Okay this looks like a web server, lets visit it

Some good info here, it looks like a default webpage, use nikto and gobuster to enumerate further.

With our scans running in the background, poke around the website some more

Some more good info

here I am looking for php files, note the -x option.

Okay this is really bad, it looks like we can login to the server now

Look up a script for a reverse shell, here I am using the msfvenom generate java shell

Browse to the upload a file section and upload your reverse shell script, verify the new url.

Visit the page to execute

Our shell should connect to the target, looks like we have nt authority, very nice.

Now we are free to locate the flags. use the type command and quotes to get both!

Share this:

X
Facebook

Like Loading...

Related

Post navigation

Previous PostDevel Next PostNibbles

Leave a comment Cancel reply

Δ

Hacking Writeups and blog

[root@ocelot]-[~]$ whoami Ocelot Security
Intro to Pen Testing
Pen Testing AzureAD
Pen Test Workflow
Techniques
Labs
Github
Blog
Hack The Box
- Nibbles
- Jerry
- Devel
- Blue
- Lame
- Legacy
TryHackMe Writeups
- Pre-Security Path
- Pickle Rick
CEHv11

Comment
Reblog
Subscribe Subscribed
- Ocelot Security
- Already have a WordPress.com account? Log in now.

Loading Comments...

Write a Comment...

Email (Required)

Name (Required)

Website

%d