# Try admin panel at: /manager/html
# May need to brute-force basic auth; try basic combos:
tomcat:s3cret
tomcat:tomcat
admin:admin
admin:s3cret
# Can upload WAR file at the panel
# Can automate attack with msf:
use exploit/multi/http/tomcat_mgr_upload
# Passwords:
/var/lib/tomcat8/tomcat-users.xml
https://book.hacktricks.xyz/pentesting/pentesting-web/tomcat
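The same notes read from the defender's side, as an added example that is not part of the original page: a check that parses a `tomcat-users.xml` and flags accounts using the credential pairs listed above or holding a role that can deploy WAR files. The sample XML is constructed, the function and constant names are hypothetical, and plaintext passwords in the file are assumed.

```python
import sys
import xml.etree.ElementTree as ET

# Credential pairs listed in the notes above.
WEAK_PAIRS = {("tomcat", "s3cret"), ("tomcat", "tomcat"),
              ("admin", "admin"), ("admin", "s3cret")}
# Tomcat roles that allow deploying applications through the Manager app.
DEPLOY_ROLES = {"manager-gui", "manager-script"}

# Constructed sample; real files live at e.g. /var/lib/tomcat8/tomcat-users.xml
SAMPLE_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <!-- <user username="admin" password="admin" roles="manager-gui"/> -->
  <user username="tomcat" password="s3cret" roles="manager-gui,manager-script"/>
  <user username="deploy" password="constructed-Long-Value-91" roles="manager-script"/>
  <user username="monitor" password="monitor" roles="manager-status"/>
</tomcat-users>"""

def audit_tomcat_users(xml_text):
    """Return (username, finding) tuples for risky <user> entries.

    Assumes plaintext passwords; with a digest CredentialHandler the
    password checks cannot match and only the role findings apply.
    """
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # Newer files declare a default namespace: '{ns}user' -> 'user'
        if el.tag.rsplit("}", 1)[-1] != "user":
            continue
        name = el.get("username", "")
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",")}
        if (name, password) in WEAK_PAIRS:
            findings.append((name, "default credential pair"))
        elif password and password == name:
            findings.append((name, "password equals username"))
        deploy = sorted(roles & DEPLOY_ROLES)
        if deploy:
            findings.append((name, "can deploy WAR via roles: " + ",".join(deploy)))
    return findings

if __name__ == "__main__":
    # Pass a path to audit a real file; with no argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    for user, finding in audit_tomcat_users(text):
        print(f"{user}: {finding}")
```

Commented-out `<user>` entries, as in the sample, are ignored by the parser, so only active accounts are reported.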
Last updated 4 years ago