CyberSecLabs - Deployable - Windows [Walkthrough]

▶️ YouTube: https://www.youtube.com/c/PinkDraconian 🐦 Twitter: https://twitter.com/PinkDraconian 🎵 TikTok: https://www.tiktok.com/@pinkdraconian ℹ️ LinkedIn: https://www.linkedin.com/in/robbe-van-roey-365666195/ 📞 Discord: PinkDraconian#9907 📷 Instagram: https://www.instagram.com/robbevanroey/ 🕸️ Website: http://pinkdraconian.d4rkc0de.com/ 👨‍💻 HackTheBox: https://www.hackthebox.eu/home/users/profile/129531 Twitter: https://twitter.com/PinkDraconian Discord: PinkDraconian#9907 Website: http://pinkdraconian.d4rkc0de.com/

Platform: CyberSecLabs

Platform Link: https://www.cyberseclabs.co.uk/

Category: Machine

OS: Windows

Challenge name: Deployable

Difficulty: 1/10

00:00 Introduction 00:10 Nmap scan 00:30 Checking out apache tomcat on port 8080 01:10 Checking login for manager page on tomcat, they use default credentials 01:45 Manually creating a jsp file to deploy in tomcat, to give us a webshell 03:45 Code exec, we get a reverse meterpreter shell with regsvr32 05:50 Uploading and running winpeas with meterpreter 07:10 We have a service with a path without quotes and spaces, and a directory we can change 08:50 We can check the configuration of the service 10:20 Creating our reverse tcp shell with msfvenom 11:15 Uploading shell to service.exe and starting service ... https://www.youtube.com/watch?v=3YWOggMiKu4