Probably the easiest machine on Hack the Box ever; which also means this will be the shortest writeup ever too.Enumeration
So we start as always with our nmap scan.$ nmap -sC -sV -oA nmap/scan 10.10.10.95
The result is only a single port open, 8080. Browsing to that port shows a default Apache Tomcat installation, so let's run Nikto on it.$ nikto -h http://10.10.10.95:8080
This gives us a very useful piece of information. The Tomcat Manager Application is available to us, and the default credentials have not been changed!Exploit
Searchsploit shows us there is a remote code execution exploit for authenticated users using the Manager Application, so lets fire up Metasploit, choose our exploit and set the options.
Fire the exploit off, and boom; NT AUTHORITY/SYSTEM straight away giving us immediate access to both flags.
Told you it would be short ;)