Login successful. Similar to the FTP upload-then-execute approach, we use the same methodology here with a WAR file: google an msfvenom cheatsheet and get a payload in WAR format, save the payload, deploy the payload, and execute the payload. We have a shell. (Something to note: use the actual IP address, don't put tun0.) You could just type '2 for the price of 1.txt' and get the flags, but I didn't know that at the time, so I created a meterpreter shell and did it from there.

Meterpreter payload: after we created the msfvenom payload for the meterpreter shell, we hosted a Python web server so we could get the payload onto the Apache machine. Go to the IP address of the machine hosting the Python web server to see all the files you just hosted. (If you ever did the Gatekeeper room on THM, you know this is a similar process to getting the gatekeeper.exe file onto the system.) Also note that this is similar to uploading something to the FTP server in the Devel box on HTB. Once we executed sh.exe, by just going to the website and including the directory, we were able to get a meterpreter shell and navigate to the root.txt flag.
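As an added example from the defender's side (not code from the original writeup), here is a small triage script for the WAR deployment step above: it opens a WAR archive (which is just a ZIP) in memory and flags JSP entries that spawn processes, the way a generated reverse-shell JSP does. The pattern list and the sample WAR are constructed for illustration.

```python
import io
import re
import zipfile

# Heuristic patterns common in JSP web shells (assumption: illustrative, not exhaustive).
SUSPICIOUS_PATTERNS = [
    re.compile(r"Runtime\.getRuntime\(\)\.exec"),
    re.compile(r"ProcessBuilder"),
    re.compile(r"new\s+Socket\("),
]


def scan_war(war_bytes: bytes) -> dict:
    """Open a WAR (ZIP) from bytes and report JSP entries matching a suspicious
    pattern, along with the full entry list for manual review."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        entries = war.namelist()
        for name in entries:
            if not name.lower().endswith((".jsp", ".jspx")):
                continue
            source = war.read(name).decode("utf-8", errors="replace")
            hits = [p.pattern for p in SUSPICIOUS_PATTERNS if p.search(source)]
            if hits:
                findings[name] = hits
    return {"entries": entries, "findings": findings}


def build_sample_war() -> bytes:
    """Constructed sample WAR: one harmless JSP and one that spawns a process."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr("index.jsp", "<html><%= new java.util.Date() %></html>")
        war.writestr("cmd.jsp", "<% Runtime.getRuntime().exec(\"id\"); %>")
    return buf.getvalue()


if __name__ == "__main__":
    report = scan_war(build_sample_war())
    for name, hits in report["findings"].items():
        print(f"suspicious JSP: {name} -> {hits}")
```

Point it at the WAR files under a Tomcat webapps directory to spot a deployed payload that a default-credential login let through.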
On this machine we discovered that default credentials are bad. We also learned about Burp Suite and how effective it is for web application pentesting: we were able to intercept traffic, decode base64, and perform a brute-force attack. We also uploaded a file to a server and executed it, much as we did in the Devel box.