Web
Nmap discovered a Web server on the port 61777 of the CyberLens(10.10.53.112) host.
The running service is Jetty 8.y.z-SNAPSHOT
┌──(kali㉿kali)-[~/archive/thm/cyberlens]
└─$ curl -I -X OPTIONS http://$IP:61777/
HTTP/1.1 200 OK
Allow: POST,GET,PUT,OPTIONS,HEAD
Date: Sat, 05 Jul 2025 13:09:12 GMT
Content-Length: 0
Server: Jetty(8.y.z-SNAPSHOT)
┌──(kali㉿kali)-[~/archive/thm/cyberlens]
└─$ curl -I http://$IP:61777/
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 05 Jul 2025 13:09:16 GMT
Content-Length: 1458
Server: Jetty(8.y.z-SNAPSHOT)
Webroot
It’s Apache Tik server; 1.17
All the endpoints are listed
Apache Tika is a content detection and analysis framework, written in Java, stewarded at the Apache Software Foundation. It detects and extracts metadata and text from over a thousand different file types, and as well as providing a Java library, has server and command-line editions suitable for use from other programming languages.
Vulnerabilities
┌──(kali㉿kali)-[~/archive/thm/cyberlens]
└─$ searchsploit Apache Tika
---------------------------------------------------------------- ---------------------------------
Exploit Title | Path
---------------------------------------------------------------- ---------------------------------
Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit) | windows/remote/47208.rb
Apache Tika-server < 1.18 - Command Injection | windows/remote/46540.py
---------------------------------------------------------------- ---------------------------------
Shellcodes: No Results
Papers: No ResultsIt would appear that Apache Tika 1.17 is vulnerable to an unauthenticatedOS_Command_Injection vulnerability; CVE-2018-1335