Jerry WriteUp | HackTheBox

• Hi guys ! Today, I will solve Jerry with multiple ways by using multi/handler module in Metasploit Framework and I will create a payload manually through msfvenom as a hybrid-manual exploitation approach.

Before I had started let’s jump to deal with our machine. Firstly, I added our machine to our /etc/hosts file.

I manually tried to find whether we have web application by default or not ,but there was no web application instance on port 80 and 443.

That’s why, I intentionally moved port scanning part.

1) Reconnaissance

I used two scanning approach on this machine:

a) Version + Default Script Scan

sudo nmap -sV -sC ctisbilkent.edu.tr // Version + Approximately 1000 default script

we have Apache Tomcatweb server & JSP engine on port 8080 by default.

b) Version + Vulnerability Detection

sudo nmap -sV --script vuln ctisbilkent.edu.tr // Version + run scripts that are designed for detecting vulnerabilities