Hack The Box: Jerry

A hands-on penetration testing walkthrough focused on enumeration, credential abuse, and exploiting a misconfigured Apache Tomcat server to achieve full SYSTEM access.

Category: Security Lab
Stack: Nmap, Hydra, Metasploit, msfvenom, Apache Tomcat, Windows
Date: Jan 31, 2025

The Challenge

The goal of this project was to fully compromise the Hack The Box Jerry machine by following a structured penetration testing process. The target was a Windows server running Apache Tomcat with minimal exposed services.

Although rated as an easy machine, Jerry is designed to demonstrate how insecure defaults and exposed administrative interfaces can lead to immediate system compromise. The objective was to enumerate the target, gain initial access, escalate privileges if needed, and retrieve both user and root flags.

My Approach

I approached this machine with an emphasis on understanding why the vulnerability existed rather than rushing to exploitation. I followed a traditional methodology starting with enumeration, narrowing the attack surface, and only then moving into credential attacks and payload deployment.

Throughout the process, I treated the machine as if it were a real-world system, asking what security controls were missing and how each decision increased risk exposure.

Build Process

Performed service discovery using Nmap with default scripts and version detection to identify exposed ports and applications

Identified Apache Tomcat running on port 8080 and discovered the Tomcat Manager interface was accessible

Used Hydra with a known Tomcat credential list to brute force weak credentials rather than relying on guesswork

Authenticated to the manager interface and generated a malicious WAR payload using msfvenom

Uploaded and deployed the WAR file through the Tomcat Manager and manually identified the deployed JSP endpoint

Established a reverse Meterpreter shell by triggering the payload through the correct URL path

Security Focus

This machine highlighted how dangerous exposed management interfaces can be when protected by weak or reused credentials.

The Tomcat service was running with SYSTEM-level privileges, which meant that successful exploitation immediately resulted in full system control.

No additional privilege escalation techniques were required, reinforcing the importance of least-privilege service accounts, network access restrictions, and strong authentication for administrative endpoints.

Results

Successfully gained a Meterpreter session running as NT AUTHORITY\SYSTEM and accessed both user and root flags.

Developed a stronger understanding of how web-based management tools can be abused for remote code execution.

Improved my workflow for moving from enumeration to exploitation in a deliberate and repeatable way.

This project reinforced core security concepts such as credential hygiene, service hardening, and reducing blast radius through proper configuration.

Want to dig into the code?

This project is fully documented on GitHub, including notes, commits, and future ideas.