Overview
Syllabus
- Introduction and box overview.
- Reviewing scan results.
- Exploring port 8080.
- Apache Tomcat default credentials.
- Configuring Burp Suite.
- Discussing Burp Suite intercepts, Decoder, Repeater, and Intruder.
- Building out a default credential list.
- One-line for loops for the win.
- Using Burp Intruder to test for default credentials.
- Exploring Tomcat with found credentials.
- Enumerating Tomcat, generating WAR reverse shells, and getting a shell.
- Discussing post enumeration, certutil file transfers, Python HTTP servers, and improving a shell.
Taught by
The Cyber Mentor