![]() # Name Disclosure Date Rank Check DescriptionĠ auxiliary/admin/http/tomcat_administration normal Yes Tomcat Administration Tool Default Accessġ auxiliary/admin/http/tomcat_utf8_traversal normal Yes Tomcat UTF-8 Directory Traversal VulnerabilityĢ auxiliary/admin/http/trendmicro_dlp_traversal normal Yes TrendMicro Data Loss Prevention 5.5 Directory Traversalģ auxiliary/dos/http/apache_commons_fileupload_dos normal No Apache Commons FileUpload and Apache Tomcat DoSĤ auxiliary/dos/http/apache_tomcat_transfer_encoding normal No Apache Tomcat Transfer-Encoding Information Disclosure and DoSĥ auxiliary/dos/http/hashcollision_dos normal No Hashtable CollisionsĦ auxiliary/scanner/http/tomcat_enum normal Yes Apache Tomcat User Enumerationħ auxiliary/scanner/http/tomcat_mgr_login normal Yes Tomcat Application Manager Login UtilityĨ exploit/linux/http/cisco_prime_inf_rce excellent Yes Cisco Prime Infrastructure Unauthenticated Remote Code Executionĩ exploit/linux/http/cpi_tararchive_upload excellent Yes Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Vulnerabilityġ0 exploit/multi/http/struts2_namespace_ognl excellent Yes Apache Struts 2 Namespace Redirect OGNL Injectionġ1 exploit/multi/http/struts_code_exec_classloader manual No Apache Struts ClassLoader Manipulation Remote Code Executionġ2 exploit/multi/http/struts_dev_mode excellent Yes Apache Struts 2 Developer Mode OGNL Executionġ3 exploit/multi/http/tomcat_jsp_upload_bypass excellent Yes Tomcat RCE via JSP Upload Bypassġ4 exploit/multi/http/tomcat_mgr_deploy excellent Yes Apache Tomcat Manager Application Deployer Authenticated Code Executionġ5 exploit/multi/http/tomcat_mgr_upload excellent Yes Apache Tomcat Manager Authenticated Upload Code Executionġ6 exploit/multi/http/zenworks_configuration_management_upload excellent Yes Novell ZENworks Configuration Management Arbitrary File Uploadġ7 exploit/windows/http/tomcat_cgi_cmdlineargs excellent Yes Apache Tomcat CGIServlet enableCmdLineArguments Vulnerabilityġ8 post/multi/gather/tomcat_gather normal No Gather Tomcat Credentialsġ9 post/windows/gather/enum_tomcat normal No Windows Gather Apache Tomcat Enumeration Use the search command to find any modules dealing with Apache Tomcat: msf5 > search tomcat * WARNING: No database support: No database YAML file ***rting the Metasploit Framework console. We can launch Metasploit by typing msfconsole in the terminal. Metasploit has an auxiliary scanner that will attempt to brute-force Tomcat's Manager application. Next, for this exploit to work reliably, we need a valid set of credentials. We can see that Tomcat is indeed running on HTTP port 8180. ![]() Service Info: Host: OSs: Unix, Linux CPE: cpe:/o:linux:linux_kernel ![]() The -sV switch will attempt to determine the name and version of any available service: ~# nmap -sV 10.10.0.50Ģ2/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)ġ524/tcp open bindshell Metasploitable root shellĨ180/tcp open http Apache Tomcat/Coyote JSP engine 1.1 We can begin by performing an Nmap scan on the target to verify that Apache Tomcat is running. We will be using Kali Linux to attack an instance of Metasploitable 2, an intentionally vulnerable virtual machine, to highlight the Tomcat vulnerability. Previous versions of Apache Tomcat included a vulnerability that allowed attackers to upload and deploy a WAR backdoor. These files are similar to JAR files but contain everything the web app needs, such as JavaScript, CSS, etc. Tomcat uses WAR (Web Application Archive) files to deploy web apps via servlets. Don't Miss: Scan Websites for Interesting Directories & Files with Gobuster.It was first released in 1998 and is still developed and maintained today under the Apache License 2.0. What this does is provide an environment where Java code can run over HTTP. By exploiting a vulnerability in Apache Tomcat, a hacker can upload a backdoor and get a shell.Īpache Tomcat is an open-source implementation of several Java technologies, including Java Servlet, JSP, Java EL, and WebSocket. Web management interfaces should be scrutinized just as hard as the apps they manage, especially when they contain some sort of upload functionality. Web applications are a prime target for hackers, but sometimes it's not just the web apps themselves that are vulnerable.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |