Hack The Box - Jerry
Published November 17, 2018Box Info
Box profile: Jerry
OS: Windows
Maker: mrh4sh
Release date: June 30, 2018
Retire date: November 17, 2018
Own date: July 24, 2018
Introduction
Jerry.
Initial Enumeration
There's a default Apache Tomcat web page on port 8080. Logging in unsuccessfully gives us example credentials.
Default Credentials
Log in with the example credentials. Upload WAR shell. Use shell.
Conclusion.
Jerry is dead. Long live Access.
On a more serious note, Jerry was a decent beginner box that suffered the unfortunate problem of perhaps being too easy. A lot of people took advantage of it by changing the login credentials, making life hard for other people who wanted to legitimately get into the box, and in turn welcoming them to HTB with an air of toxicity. To those people: Shame on you.
Thankfully, we now have a few other, perhaps more friendly boxes to recommend to newcomers. For anyone looking for a place to start, Access is well within the reach of a beginner without being painfully easy.