How To Hack: Jerry From HackTheBox

How To Hack: Jerry From HackTheBox

Welcome to my third article. Today we will be looking at Jerry from HackTheBox. This is a realistic and very easy box. The article will again be similar to my first and second article, because I will provide some more information on the Box and why it is vulnerable.

Introduction

Welcome to my third article. Today we will be looking at Jerry from HackTheBox. This is a realistic and very easy box. The article will again be similar to my first and second article, because I will provide some more information on the Box and why it is vulnerable. However, the following articles will not give as much information on the different tools that I will be using. You can look this up in my first article of the series. You can find cheat sheets and helpful information on the tools that Kali has to offer. This will save some time.

There is a list of OSCP-like boxes from TJ_Null which I would like to go through in my series. While looking for OSCP Tipps, I found some new cool tools which I will be trying out.

In my first two articles I used nmap as my first enumeration step with my own methodology. Based on the open ports I then used other tools to find vulnerabilities. This time I will be using a new tool that I discovered called nmapAutomator. It’s basically a script which runs several nmap scans and uses other tools like nikto, gobuster, etc. based on open ports. So let’s get right into it:

Setup

Before we start, a few words to my setup:

  • Kali Linux on a VM
  • Tilix: A tiling terminal emulator for Linux
  • Cherry Tree for note keeping, I would highly recommend the template from James Hall

Enumeration

Today we will be looking at Jerry from HackTheBox, so get your VPN up and running.

First, let’s start with enumeration in order to gain as much information about the machine as possible. This will be the first time for me using the nmapAutomator script. Because I’m not in a rush, I will be using the “All” parameter, which runs all the scans consecutively. This is the command:

./nmapAutomator.sh 10.10.10.95 All

It will probably take around 20–30 minutes for all the scans to finish, however the script starts with a quick scan at first, so we get some information after 13 seconds. Seems like only port 8080 with an Apache Tomcat is open. We’ll let the scan run in the background, so that nikto and gobuster can find some directories.

In the meantime we can take a look at the webpage on port 8080.

kali-linux security hacking web-app-security pentesting

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

Learn Ethical Hacking using Kali Linux | Ethical Hacking Tutorial

This Edureka video on "Ethical Hacking using Kali Linux " will help you understand all about penetration testing, its methodologies, and tools.

How long does it take to develop/build an app?

This article covers A-Z about the mobile and web app development process and answers your question on how long does it take to develop/build an app.

Best Custom Web & Mobile App Development Company

Top Web & Mobile Application Development Company in India & USA. We specialize in Golang, Ruby on Rails, Symfony, Laravel PHP, Python, Angular, Mobile Apps, Blockchain, & Chatbots

Best Web App Ideas To Make Money In 2021 - Application Startup Guide

14 Cool Web App Ideas for application business to make money. Coming up with more profitable Startup Web App Ideas in 2021.

Ethical Hacking: Introducing Kali Linux

Kali Linux is a purpose built security operating system with a large variety of popular penetration testing tools. Ethical Hacking: Introducing Kali Linux