Exploiting Tomcat with LFI & Container Privesc - "Tabby" HackTheBox
Вставка
- Опубліковано 6 лис 2020
- To help support me, check out Kite! Kite is a coding assistant that helps you faster, on any IDE offer smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link) Hang with our community on Discord! johnhammond.org/discord
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: paypal.me/johnhammond010
GitHub: github.com/JohnHammond
Site: www.johnhammond.org
Twitter: / _johnhammond
This is much better than Netflix
Ya. I always go for one of these videos first.
100% agree
Honestly ✨
F*c*i*g Trueeeee
The correct response. 🎉
Love the content dude! In a week I've gone from knowing nothing about hacking, very little about networking or scripting and not a huge deal about computers to successfully completing 2 HTB boxes using what I've learnt here! No walkthroughs!
Keep up the great work, you're single handedly teaching me penetration testing!
I love how long it takes you to find the tomcat users file, when it was written at the bottom of the :8080 page at all times, you just never got around to reading the last paragraph.
Loved the wfuzz idea. ippsec also had trouble finding the exact path so you're in good company
you had me on the edge of my seat when you didn't think to view the tomcat user file with the file inclusion. best content ever
I often like to test path traversal for file=statement by using something like file=statement/../statement since if it actually is path traversal, then the path would be simplified to file=statement, which exists and returns a result ;)
Thanks for the video, John.
Thank you for the awesome content. I find it very inspirational. :)
Awesome content. Thanks for all the hard work.
Awesome stuff man. Keep it up. Would like to see some more advanced techniques on harder challenges.
Thanks John!
excellent john!!
These videos are amazing ,great work
wfuzz part was cool... and pwncat gotta admit it's awesome.
Awesome, as always!
I learned a lot from you,... thanks sir
Just like always you are the best bro.... Whenever there is a htb box release watch both your video and ippsec video....
learning something new everyday from your videos 😁😁
Great . Thanks
Awesome Content!
Hey John, would you consider a video walking us through your setup? It would be for other people that aren't running Kali that want to emulate your work flow.
Things like install locations for apps and scripts (I see a lot of them in opt but I'm new to Linux and assume there would be some changes you'd have to make to permissions for that to work smoothly), essential tools, folder structuring, services you have either bookmarked or committed to memory (like gtfobins), the shortcuts you use in sublime, and what terminal multiplexer you use (and shortcuts for that)
Awesome video, can you do some more Hack The Box machines?
I just passed the eJPT and im starting the PWK for OSCP
fun to see the box I just finished :D (My first thing like this ever xD)
also learned now some things thatI could have automated :) For example the fuzzing I did manually. And I never checked the admin vhost thingy. and I didnt use metasploit. a regular curl does the trick. Also should have used pwncat. that will help next time :D
great video! :)
you are the genuine ONE🥃
also if you didnt notice at the bottom on the page for tomcat in the NOTES is shows the directory for the tomcat-users is located
I love this guy I've been following you for awhile love u
TXT files is preparation for IAS, ssh is complicated fan page.
Comment Box style modes.
Collecting connection/cat files
So that's how you tell it to use the hostname and associate it with the IP!! Thanks!!
This should be good! Thanks JH, keep them coming, good Sir!!
(18:34) - docker container, look for same version of Tomcat and locate the conf file.
(26:48)- Metasploit
(28:22)- Pwncat
(31:31)- fcrackzip
The fastest exit of VIM I've ever seen. :D
Shouting at my screen: read the last paragraph of the tomcat default page...
Ohhh missed the starting gona watch when the video is done
GOod.. continue..
this is true entertainment
Damn read the last line!!
Am I missing something or did you not spot the line at the bottom of the document mentioning the /etc/ path to the xml?
Using wfuzz against an LFI is such an innovative idea but use the flags for filtering 😂. My OCD was triggered. Going to try the same with Feroxbuster tomorrow morning as with recursiveness and syntax I'm curious if it can LFI from a few directories above.
On a side note, any update on paramiko for pwncat? Love the tool and want to use it in my standard environment without needing to go virtual env route.
Aside from personal performance, any good reason for choosing Ubuntu over for instance, Debian, Arch, etc?
The most shocking for me is how complex is hacking framework(s)
Getting user was kind of similar to "Jerry"
apparently this thing requires more patience than I thought.
anything that has to do with computing that is above gaming usually does
he knows exactly how many ../ to add to go to etc/
thats awesome
No, he just overused to to make sure that he'd eventually get to the root. you can repeat ../ 100 times, it will take you to the root even if you are only two folders deep from root.
@@RocketLR ohhh
Great Video! Around 10:15, how do you know how many steps you gotta go back with ../ , was it a specific amount?
cd .. in / takes you to / as you are in the root directory already. So just adding enough ../ does it
When doing an LFI (local file inclusion) adding ../ allows you to go back a directory (in cases where you don't need a more advanced method or WAF bypass); in his case he is just adding in a bunch as eventually you get to the TLD 'root' directory of the Ubuntu machine and can't go 'up' any further. HackTrickz has a good overview of LFI.
@@ChrisSoehnlein Thank you! Now I get it
You actually don't need to use the ../ Php will accept absolute paths so you can just do /etc/passwd from anywhere for example
hey John i want to ask about your experience and your opinion using Kali on WLS2, is it worthy for beginner level and people who had limited resources on their computer?
do some more hackthebox walkthroughs
Vrey Cool Vid :)
💯
I missed the live premiere : (
Wow, great. Please help?? -] Exploit aborted due to failure: not-found: The target server fingerprint " ( 401-Basic realm="Tomcat Manager Application" )" does not match "(?-mix:Apache.*(Coyote|Tomcat))", use 'set FingerprintCheck false' to disable this check.
[*] Exploit completed, but no session was created.
I literally did everything the same... :(
This would have taken me 45 days :P so 45min is pretty good i would say lol.
2 videos on this tabby
i could not get any info from nmap scan why is that
So sad... And they had just updated their security xD
John what is your OS
♥️
What terminal do you use ? If anyone know i'm really interested . Thanks
Looks similar to Tilix
Elements Coming for this answer in elements is looking files prepare
Man, I love watching you smash that hosts :).
Having worked with tomcat it always bothered me that credentials were stored in plaintext in xml files. This video is giving me anxiety.
What are you exploiting I'm very curious
Algo
Sir im in very bad situation i need one help from you pls reply me
Isn't that vulnerability called "directory traversal" rather than "local file inclusion"? You can't really include files seems to me :P
Wc~c how to use
Good day John, I am new to the cyber field, I recently started the ceh course and your videos really help with the practical part. Thank you for making such great videos!
I beg you, please could you make a video explaining how to make a wordlist for brute forcing passwords, is there a way to make a giant wordlist with all leaked passwords or how do you go about obtaining your word list for all your various projects.
I was like, ok you have the path of the tomcat user config and a way to view it, why the hell are you looking for default users?
Also later on de video he looks for the users.xml location on internet. John! you have the correct path down on the bottom, why don't you finish reading the page?
Sir i need help from you pls reply me
I don't get people calling people script kiddies just for using useful tools its dum btw i would say a script kiddie is someone that know nothing about coding or using the cool or good tools properly
that's like calling a plumber that uses his tools a bad plumber
man you are very talented indeed. could you teach me some important stuff when you free? I'm a hacker too man but in my country I don't have a good mentor.. could you be my mentor?
Love the videos. It would be interesting if TryHackMe or other sites would allow Red vs Blue team. Defenders could access tools like ELK and other tools to monitor and act.
That’s king of the hill
is this ubuntu os?