Saturday, June 11, 2016

METASPLOIT - Linux - Tomcat


- Layout for this exercise:

- Tomcat is an open-source web server developed by the Apache Software Foundation (ASF). Tomcat implements several Java EE specifications including Java Servlet, JavaServer Pages (JSP), Java EL, and WebSocket, and provides a "pure Java" HTTP web server environment in which Java code can run.

- Metasploit Framework provides a module that attempts to log in to a Tomcat Application Manager instance using a specific username and password.

- Required options for this module are the remote host (victim's IP) and port (8180):

- The module achieves a successful login with a valid username and password, using a wordlist provided by Metasploit:



- Now, a new module can be used to execute a payload on Tomcat servers that have an exposed "manager" application.
Required options are, aside from RHOST and RPORT, the username and password discovered in the previous step (tomcat/tomcat):

- Also, this payload will generate a remote reverse Meterpreter session:

- Required options are the attacker's local IP and listening port:

- Launching the exploit, a Meterpreter session is generated as expected:

- Also, using the discovered credentials, the attacker gains easy access to the Tomcat Administration Tool web page:
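
- From the defender's side, the login guessing and the later use of the manager application leave a recognizable trail in the Tomcat access log. The following is an added example, not part of the original post: it assumes the access log uses Tomcat's "common" pattern (%h %l %u %t "%r" %s %b) and that the manager application is served under /manager; the log lines, addresses and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

def find_manager_guessing(lines, threshold=5):
    """Flag clients with >= threshold consecutive 401s on /manager that then
    authenticate, and record their later state-changing manager requests."""
    failures = defaultdict(int)  # consecutive 401s per client IP
    flagged = {}                 # client IP -> finding
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith("/manager"):
            continue
        ip, status = m["ip"], int(m["status"])
        if status == 401:
            failures[ip] += 1
            continue
        if not (200 <= status < 300) or m["user"] == "-":
            continue
        if failures[ip] >= threshold and ip not in flagged:
            flagged[ip] = {"ip": ip, "user": m["user"], "failed": failures[ip],
                           "success_at": m["ts"], "writes": []}
        failures[ip] = 0
        if ip in flagged and m["method"] in ("PUT", "POST"):
            flagged[ip]["writes"].append(f'{m["method"]} {m["path"]}')
    return list(flagged.values())

# Constructed sample: six failed logins, then a success and an upload.
SAMPLE_LOG = [
    f'192.0.2.10 - - [11/Jun/2016:10:00:0{i} +0000] "GET /manager/html HTTP/1.1" 401 954'
    for i in range(1, 7)
] + [
    '192.0.2.10 - tomcat [11/Jun/2016:10:00:07 +0000] "GET /manager/html HTTP/1.1" 200 7012',
    '192.0.2.10 - tomcat [11/Jun/2016:10:00:40 +0000] "POST /manager/html/upload HTTP/1.1" 200 7340',
    # A single mistyped password followed by a login should not be flagged.
    '192.0.2.77 - - [11/Jun/2016:11:15:02 +0000] "GET /manager/html HTTP/1.1" 401 954',
    '192.0.2.77 - admin [11/Jun/2016:11:15:09 +0000] "GET /manager/html HTTP/1.1" 200 7012',
]

if __name__ == "__main__":
    for finding in find_manager_guessing(SAMPLE_LOG):
        print(finding)
```

A finding that also lists write requests means the guessed account was used to change what is deployed, so the account's password and the deployed applications both need review.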