Tomcat

WAR File
# Try admin panel at:
/manager/html 
​
# May need to brute basic auth try basic combos:
tomcat:s3cret
tomcat:tomcat
admin:admin
admin:s3cret
​
# Can upload war file at the panel
​
​
​
# Can automate attack with msf:
use exploit/multi/http/tomcat_mgr_upload
Config Files
# Passwords
/var/lib/tomcat8/tomcat-users.xml
​https://book.hacktricks.xyz/pentesting/pentesting-web/tomcat​

Cloud - Previous

Azure

Next - Web App

SQLMap

Last modified 2yr ago