Comment on page
There's a directory traversal vuln.
Once you get the hash, crack it with crackstation, bypass the traffic with burp to login.
to get a rev shell, schedule a task (go to mapping to get a path), and post jsp rev shell.
If the directory listing is disabled, do curl to execute the rev shell.