Second, we have a WebDAV interface, and a potential avenue for uploading a PHP shell. First, we have a login page - this provides us with a way to brute-force login credentials. The recon we do feeds into the choice of Metasploit modules that we make. These turn up some interesting pages that can potentially be bypassed:
#APACHE TOMCAT DEFAULT CREDENTIALS CODE#
Using code '404' as not found for 10.0.0.27 Msf auxiliary(dir_scanner) > set RPORT 8180 Msf auxiliary(dir_scanner) > set RHOSTS 10.0.0.27 Msf auxiliary(dir_listing) > use auxiliary/scanner/http/dir_scanner
Running the HTTP dir scanner module turns up some goodies: Let's start by doing some recon of the Tomcat server using the various HTTP scanners in Metasploit. That is, it functions like the Apache web server, but for JavaServer Pages (JSP).įrom the description of Coyote on the Tomcat page, it sounds like this server will be as susceptible to denial of service attacks as the Apache web server was. The nmap scan didn't return the version, so that's probably the first thing we'll want to figure out.Ĭoyote is a stand-alone web server that provides servlets to Tomcat applets.
#APACHE TOMCAT DEFAULT CREDENTIALS SOFTWARE#
All this means is, web pages accessed through port 8180 will be assembled by a Java web application.Īpache Tomcat provides software to run Java applets in the browser. Just a reminder of what the nmap scan returned about Apache Tomcat and Coyote:ġ0.0.0.27 8180 tcp http open Apache Tomcat/Coyote JSP engine 1.1 The end goal is to obtain a shell on the web server. We will attempt to abuse the Tomcat server in order to obtain access to the web server.
0 kommentar(er)
