Prepare the VM and run nmap against it:
Quick nmap review:
Cool. First hint: is there a Tomcat (manager)? Sure there is. But how to get inside? As you probably remember this is a VM related to Axis LFI bug (for example) so maybe we can exploit Axis to get some password (file) to access Tomcat's manager...
Yeah. Let's log in as manager now:
So we're able to access manager's panel. Let's find out if Tomcat is vulnerable to WAR upload (if so, we'll be able to upload shell in JSP):
This code is grabbed from the 'walkthrough' but I modified it a little bit:
Ready to use:
Great! So again we're able to search for some passwords or other vulnerabilities on this server.
If you have other solutions to get this box, feel free to post it in comments (or simple mail me).