Morioh
Login
Kara Morissette

Kara Morissette

3 years ago

Introduction

Welcome to my third article. Today we will be looking at Jerry from HackTheBox. This is a realistic and very easy box. The article will again be similar to my first and second article, because I will provide some more information on the Box and why it is vulnerable. However, the following articles will not give as much information on the different tools that I will be using. You can look this up in my first article of the series. You can find cheat sheets and helpful information on the tools that Kali has to offer. This will save some time.

There is a list of OSCP-like boxes from TJ_Null which I would like to go through in my series. While looking for OSCP Tipps, I found some new cool tools which I will be trying out.

In my first two articles I used nmap as my first enumeration step with my own methodology. Based on the open ports I then used other tools to find vulnerabilities. This time I will be using a new tool that I discovered called nmapAutomator. It’s basically a script which runs several nmap scans and uses other tools like nikto, gobuster, etc. based on open ports. So let’s get right into it:

Setup

Before we start, a few words to my setup:

  • Kali Linux on a VM
  • Tilix: A tiling terminal emulator for Linux
  • Cherry Tree for note keeping, I would highly recommend the template from James Hall

Enumeration

Today we will be looking at Jerry from HackTheBox, so get your VPN up and running.

First, let’s start with enumeration in order to gain as much information about the machine as possible. This will be the first time for me using the nmapAutomator script. Because I’m not in a rush, I will be using the “All” parameter, which runs all the scans consecutively. This is the command:

./nmapAutomator.sh 10.10.10.95 All

It will probably take around 20–30 minutes for all the scans to finish, however the script starts with a quick scan at first, so we get some information after 13 seconds. Seems like only port 8080 with an Apache Tomcat is open. We’ll let the scan run in the background, so that nikto and gobuster can find some directories.

In the meantime we can take a look at the webpage on port 8080.

#kali-linux #security #hacking #web-app-security #pentesting

How To Hack: Jerry From HackTheBox

medium.com

How To Hack: Jerry From HackTheBox

Welcome to my third article. Today we will be looking at Jerry from HackTheBox. This is a realistic and very easy box. The article will again be similar to my first and second article, because I will provide some more information on the Box and why it is vulnerable.

1.50 GEEK