adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3da170a43c7f288fe9bc88fe325da488733acac3
metasploit-gs/documentation/modules/auxiliary/admin/http/tomcat_administration.md
T
wchen-r7 b53ee1390c Fix cosmetic issues with info -d
2017-01-17 13:46:12 -06:00

52 lines
1.9 KiB
Markdown
Raw Blame History

## Vulnerable Application
The administrator application was removed as of Tomcat 6. Tomcat 5.5.36 is available from [apache](https://archive.apache.org/dist/tomcat/tomcat-5/v5.5.36/). This does not have the `admin` app bundled though, and can be downloaded [here](https://archive.apache.org/dist/tomcat/tomcat-5/v5.5.36/bin/apache-tomcat-5.5.36-admin.zip).
To utilize the `admin` application, a user must have the permission `admin` applied to their account. The following user line will handle all necessary permissions:
```
<user username="tomcat" password="tomcat" roles="admin"/>
```
## Verification Steps
1. Install Tomcat 5.5 or older
2. Install the admin app
3. Start msfconsole
4. Do: ```use auxiliary/admin/http/tomcat_administration```
5. Do: ```set rhosts [ips]```
6. Do: ```set tomcat_user [username]```
7. Do: ```set tomcat_pass [username]```
8. Do: ```set rport [port]```
9. Do: ```run```
10. Find all the Tomcat admin portals
## Options
**rport**
The default is set to `8180`, which is only default on FreeBSD. All other operating systems, and the software itself, default to `8080`.
## Scenarios
Example run against Tomcat 5.5.36 with admin module installed against Windows XP
```
msf > use auxiliary/admin/http/tomcat_administration
msf auxiliary(tomcat_administration) > set rport 8085
rport => 8085
msf auxiliary(tomcat_administration) > set rhosts 192.168.2.108
rhosts => 192.168.2.108
msf auxiliary(tomcat_administration) > set verbose true
verbose => true
msf auxiliary(tomcat_administration) > set tomcat_pass tomcat
tomcat_pass => tomcat
msf auxiliary(tomcat_administration) > set tomcat_user tomcat
tomcat_user => tomcat
msf auxiliary(tomcat_administration) > run
[*] http://192.168.2.108:8085/admin [Apache-Coyote/1.1] [Apache Tomcat/5.5.36] [Tomcat Server Administration] [tomcat/tomcat]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
Reference in New Issue View Git Blame Copy Permalink