Probably the easiest machine on Hack the Box ever; which also means this will be the shortest writeup ever too.


So we start as always with our nmap scan.

$ nmap -sC -sV -oA nmap/scan

The result is only a single port open, 8080. Browsing to that port shows a default Apache Tomcat installation, so let's run Nikto on it.

$ nikto -h


This gives us a very useful piece of information. The Tomcat Manager Application is available to us, and the default credentials have not been changed!


Searchsploit shows us there is a remote code execution exploit for authenticated users using the Manager Application, so lets fire up Metasploit, choose our exploit and set the options.


Fire the exploit off, and boom; NT AUTHORITY/SYSTEM straight away giving us immediate access to both flags.


Told you it would be short ;)