Compromised 1

🔥 Can you compromise this misconfigured Tomcat server?

Medium Mis à jour le 15 janv. 2026 Accès Gratuit Solution (Pro)

Dive into a realistic web application penetration testing scenario featuring Apache Tomcat. This server has been left with dangerous default configurations and sudo misconfigurations that could lead to complete system compromise. 🎯 Master the art of web application exploitation, WAR file deployment, and Linux privilege escalation in this hands-on challenge.

2

Flags

40

Points

51%

Taux de Réussite

Start Your Challenge

Launch your dedicated machine to begin hacking

~1-2 min setup

Dedicated server

Private instance

Industry standard

Open the target and find the flags

flag-user.txt

+20 pts

Login to Submit Your Answer

Open the target and find the flags

flag-root.txt

+20 pts

Login to Submit Your Answer

Ready to hack this lab?

Create a free account to start your own dedicated server, submit flags, and earn points on the leaderboard.

Commencer à Hacker Gratuitement

Compromised 1

Medium 40 points

Directives pour le Writeup

Share your solution approach, methodology, and insights. Your writeup will be reviewed before being published to the community. Earn +5 bonus points when your writeup is approved!

Requirements:

No flag content: Do not reveal actual flag values or passwords in your writeup
Include lab link: Your writeup must contain a direct link to this lab for reference
Educational focus: Explain your methodology, tools used, and learning insights

URL du Writeup *

Link to your blog post, GitHub repository, or any platform where you've published your writeup
Remember to include this lab's URL in your writeup: https://hackerdna.com/labs/compromised-1

Language *

Help others find writeups in their preferred language

Confirmation Required

I confirm that my writeup includes a direct link to this lab

Your writeup must reference this lab's URL: https://hackerdna.com/labs/compromised-1

I confirm that my writeup does NOT contain flag content or critical information

Do not include actual flags, passwords, or other sensitive information that would spoil the challenge

Rejoignez 5 000+ hackers qui apprennent la cybersécurité avec des labs pratiques. Créer un Compte