tomcat manager exposed


#nmap -sS -sV target

Here are some visual clues that the tomcat you are visiting has "manager" available.

-navigate to browser and input target:port

-in the tomcat browser we can see that manager is listed. (See image above)

-attempt manager login with default credentials using metaploit

#use scanner/http/tomcat_mgr_login

-if it works you have gained credentials. save these somewhere

At this point you can branch off into method 1 or method 2

Method 1 only using metasploit

Method 2 utilizes scanner/http/tomcat_mgr_login followed by actually loading a custom made msfvenom