Probably the easiest machine on Hack the Box ever; which also means this will be the shortest writeup ever too.

Enumeration

So we start as always with our nmap scan.

$ nmap -sC -sV -oA nmap/scan 10.10.10.95

The result is only a single port open, 8080. Browsing to that port shows a default Apache Tomcat installation, so let's run Nikto on it.

$ nikto -h http://10.10.10.95:8080

nikto

This gives us a very useful piece of information. The Tomcat Manager Application is available to us, and the default credentials have not been changed!

Exploit

Searchsploit shows us there is a remote code execution exploit for authenticated users using the Manager Application, so lets fire up Metasploit, choose our exploit and set the options.

metasploit-1

Fire the exploit off, and boom; NT AUTHORITY/SYSTEM straight away giving us immediate access to both flags.

exploit

Told you it would be short ;)