HackTheBox - Jerry walkthrough

In this hack the box video we discuss a new tool called AutoRecon as well as teach you how to install and use it. We then use AutoRecon to enumerate the hackthebox box called Jerry. Upon competing out AutoRecon enumeration we find Jerry has an Apache tomcat web server running, we then use a tool called hydra to crack the password to gain access to the web server. After that we discover that we can upload .war files. Using msfvenom we craft a malicious .war file to upload to Jerry, we then use mfsconsole to set up a reverse_tcp handler. We then upload the .war file and execute it on the hackthebox box, which gives up a root meterpreter session on the box. From there we are able to retrieve both the root.txt and user.txt files. This is a hack the box jerry walkthrough hope you guys enjoy! https://www.patreon.com/awakengaming Discord: https://discord.gg/nf4bVUG Twitter: @awakengaming83 Music: I Saw A Ghost Last Night By: Leonell Cassio license: Creative Commons — Attribution-ShareAlike 3.0 Unported Links to music: bit.ly/ISawAGhostLastNight-FreeDL-Streaming bit.ly/ISawAGhostLastNight-Youtube bit.ly/ISawAGhostLastNight-Spotify bit.ly/ISawAGhostLastNight-iTunes 0:00 - Intro 0:20 - Installing AutoRecon 3:00 - Using AutoRecon 4:20 - AutoRecon Results 9:28 - Using Hydra to get password 12:00 - Logging in/initial foothold 13:10 - Crafting package with msfvenom 19:00 - Getting Shell back 19:44 - Finding Root and User Flags 20:30 - Outro #HTB #hackthebox #jerry # walkthrough #msfvenom #AutoRecon #hydra