
  • Medium
  • Released 11 Nov 2024

🔥 Can you compromise this misconfigured Tomcat server?

Dive into a realistic web application penetration testing scenario featuring Apache Tomcat. This server has been left with dangerous default configurations and sudo misconfigurations that could lead to complete system compromise. 🎯 Master the art of web application exploitation, WAR file deployment, and Linux privilege escalation in this hands-on challenge.

  • 2 Flags
  • 40 Points
  • Solution Available
  • Free Access

Compromised 1 - Apache Tomcat Exploitation Challenge

Challenge Overview

Welcome to Compromised 1! This challenge simulates a real-world scenario where you need to exploit a misconfigured Apache Tomcat server. The target system has been set up with common misconfigurations that can lead to complete system compromise through web application exploitation and privilege escalation.

Learning Objectives

  • Understand Apache Tomcat architecture and common misconfigurations
  • Learn web application reconnaissance and enumeration techniques
  • Practice exploiting default credentials in web applications
  • Master Tomcat Manager exploitation and WAR file deployment
  • Develop skills in Linux privilege escalation through sudo misconfigurations

Challenge Scenario

You have discovered a web server running Apache Tomcat that appears to be misconfigured. Your objective is to gain initial access through the web application, escalate privileges to root, and retrieve sensitive flags from the system. The server may have weak credentials and dangerous sudo permissions that can be exploited.

Technical Requirements

  • Web application testing tools (Burp Suite, OWASP ZAP)
  • WAR file creation and deployment knowledge
  • Java web shell development skills
  • Linux enumeration and privilege escalation techniques