Logging into Tomcat Manager (port 8080) allows deployment of a WAR backdoor. Reverse shell obtained as user tomcat.
As I continued to explore the box, I stumbled upon a misconfigured sudoers file. This configuration allowed me to execute a specific command with elevated privileges, paving the way for a smooth privilege escalation.
Common CVEs seen on hackfail.htb walkthroughs:
"Come on," Kai whispered, typing furiously. "It’s an SSTI. It has to be Server-Side Template Injection." " Kai whispered