LINUX - TOMCAT
- Layout for this exercise:
- Tomcat is an open-source web server developed by the Apache Software Foundation (ASF). Tomcat implements several Java EE specifications including Java Servlet, JavaServer Pages (JSP), Java EL, and WebSocket, and provides a "pure Java" HTTP web server environment in which Java code can run.
https://en.wikipedia.org/wiki/Apache_Tomcat
- Metasploit Framework provides a module that attempts to login to a Tomcat Application Manager instance using a specific user/pass.
https://www.rapid7.com/db/modules/auxiliary/scanner/http/tomcat_mgr_login
- Required options for this module are the remote host (victim's IP) and the remote port (8180, where this Tomcat instance listens):
- The module finds a valid username/password pair by trying a wordlist shipped with Metasploit:
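From the defender's side, the login attempts made by the scanner module above, and the later deployment through the manager application, both leave a trail in Tomcat's access log. The following is an added example (not part of this exercise and not Metasploit or Tomcat code) that parses access-log lines and flags an IP with repeated 401/403 responses on `/manager/`, a login that succeeds after such a run, and any PUT/POST to a deploy endpoint. It assumes the default AccessLogValve "common" pattern (`%h %l %u %t "%r" %s %b`); the log lines are constructed, and the deploy paths covered are `/manager/deploy` and `/manager/text/deploy`.

```python
"""Flag Tomcat manager brute-force and remote WAR deployment in access logs.

Assumes the AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b.
The sample log below is constructed for this example.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

MANAGER_PREFIX = "/manager/"
# Deploy endpoints: /manager/deploy (older Tomcat) and /manager/text/deploy (newer)
DEPLOY_RE = re.compile(r"^/manager/(text/)?deploy")

# Constructed sample: one source hammers the manager login, logs in, then deploys.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Mar/2024:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2536
10.0.0.5 - - [03/Mar/2024:10:00:02 +0000] "GET /manager/html HTTP/1.1" 401 2536
10.0.0.5 - - [03/Mar/2024:10:00:03 +0000] "GET /manager/html HTTP/1.1" 401 2536
10.0.0.5 - - [03/Mar/2024:10:00:04 +0000] "GET /manager/html HTTP/1.1" 401 2536
10.0.0.5 - - [03/Mar/2024:10:00:05 +0000] "GET /manager/html HTTP/1.1" 401 2536
10.0.0.5 - - [03/Mar/2024:10:00:06 +0000] "GET /manager/html HTTP/1.1" 401 2536
10.0.0.5 - tomcat [03/Mar/2024:10:00:09 +0000] "GET /manager/html HTTP/1.1" 200 12345
10.0.0.5 - tomcat [03/Mar/2024:10:00:15 +0000] "PUT /manager/text/deploy?path=/abc HTTP/1.1" 200 51
10.0.0.7 - - [03/Mar/2024:10:01:00 +0000] "GET /index.jsp HTTP/1.1" 200 1024
10.0.0.9 - - [03/Mar/2024:10:01:30 +0000] "GET /manager/html HTTP/1.1" 401 2536
"""


def parse_line(line):
    """Return a dict of fields for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def analyze(log_text, fail_threshold=5):
    """Scan access-log text and report manager-app abuse indicators.

    Returns a dict with:
      brute_force             - (ip, failures) pairs at or above fail_threshold
      login_after_brute_force - IPs that got a 200 on /manager/ after such a run
      deploys                 - (ip, user, path) for successful PUT/POST deploy calls
    """
    failures = defaultdict(int)      # ip -> count of 401/403 on /manager/
    success_after_fail = set()
    deploys = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(MANAGER_PREFIX):
            continue
        ip = rec["ip"]
        if rec["status"] in (401, 403):
            failures[ip] += 1
        elif rec["status"] == 200:
            if failures[ip] >= fail_threshold:
                success_after_fail.add(ip)
            if DEPLOY_RE.match(rec["path"]) and rec["method"] in ("PUT", "POST"):
                deploys.append((ip, rec["user"], rec["path"].split("?")[0]))
    return {
        "brute_force": sorted((ip, n) for ip, n in failures.items() if n >= fail_threshold),
        "login_after_brute_force": sorted(success_after_fail),
        "deploys": deploys,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The threshold of five failures is a starting point; tune it to how often legitimate administrators mistype a password, and feed the same logic into whatever log pipeline you already run against the Tomcat access log.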
- Now, a second module can be used to execute a payload on Tomcat servers that expose the "manager" application.
Required options are, aside from RHOST and RPORT, the username and password discovered in the previous step (tomcat/tomcat):
https://www.rapid7.com/db/modules/exploit/multi/http/tomcat_mgr_deploy
- Also, this payload will generate a remote reverse meterpreter:
- Required options are the local attacker's IP and listening port:
- Launching the exploit, a meterpreter session is generated as expected:
- Also, using the discovered credentials, the attacker has easy access to the Tomcat Administration Tool web page:
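Both the manager login and the administration page above were reachable only because the default tomcat/tomcat account existed with a privileged role. The following is an added example (not part of this exercise, and not Tomcat's own tooling) that audits a `tomcat-users.xml` for accounts holding manager or admin roles whose password equals the username or sits in a small default/weak list. The sample file is constructed; the weak-password list is a starting set you would extend, and the role names are the standard Tomcat manager/admin roles (older releases used plain `manager`/`admin` and a `name` attribute, which the parser also accepts).

```python
"""Audit tomcat-users.xml for privileged accounts with default or weak passwords.

The sample XML is constructed for this example. Role names are the standard
Tomcat manager/admin roles; the weak-password list is a starting set to extend.
"""
import xml.etree.ElementTree as ET

PRIVILEGED_ROLES = {
    "manager", "admin",                       # role names used by older Tomcat releases
    "manager-gui", "manager-script", "manager-jmx", "manager-status",
    "admin-gui", "admin-script",
}
WEAK_PASSWORDS = {"", "tomcat", "s3cret", "admin", "password", "manager"}

# Constructed sample: one default account, one strong one, one username-as-password.
SAMPLE_TOMCAT_USERS = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="manager-status"/>
  <user username="tomcat" password="tomcat" roles="manager-gui,manager-script"/>
  <user username="deployer" password="Xk9-qL2m-7vBp" roles="manager-script"/>
  <user username="viewer" password="viewer" roles="manager-status"/>
  <user username="app" password="app" roles="appuser"/>
</tomcat-users>
"""


def _local(tag):
    """Strip an XML namespace prefix such as {http://tomcat.apache.org/xml}."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return privileged account names and those with default/weak passwords.

    Returns a dict with:
      privileged_users - sorted names of accounts holding any manager/admin role
      weak_credentials - list of {user, roles, reasons} in document order
    """
    root = ET.fromstring(xml_text)
    privileged = []
    weak = []
    for el in root.iter():
        if _local(el.tag) != "user":
            continue
        # Newer files use username=, older ones use name=
        name = el.get("username") or el.get("name", "")
        pw = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        priv = roles & PRIVILEGED_ROLES
        if not priv:
            continue
        privileged.append(name)
        reasons = []
        if pw.lower() == name.lower():
            reasons.append("password equals username")
        if pw.lower() in WEAK_PASSWORDS:
            reasons.append("password in default/weak list")
        if reasons:
            weak.append({"user": name, "roles": sorted(priv), "reasons": reasons})
    return {"privileged_users": sorted(privileged), "weak_credentials": weak}


if __name__ == "__main__":
    result = audit_tomcat_users(SAMPLE_TOMCAT_USERS)
    print("privileged accounts:", result["privileged_users"])
    for finding in result["weak_credentials"]:
        print(f"{finding['user']} ({', '.join(finding['roles'])}): {'; '.join(finding['reasons'])}")
```

Run it against `$CATALINA_BASE/conf/tomcat-users.xml` on each Tomcat host; any account it lists under `weak_credentials` with `manager-script` or `manager` is one the deploy module from this exercise could use directly, and removing the account (or the manager application itself where it is not needed) closes that path.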