Using Tomcat Manager to execute code
In the previous recipe, we obtained the Tomcat Manager credentials and mentioned that they could allow us to execute code on the server. In this recipe, we will use those credentials to log into the Manager and upload a new application that allows us to execute operating system commands on the server.
How to do it...
1. Go to http://192.168.56.102:8080/manager/html.
2. When asked for a username and password, use the ones obtained in the previous recipe: root and owaspbwa.
3. Once inside the Manager, look for the section WAR file to deploy and click on the Browse… button.
4. Kali includes a collection of webshells in /usr/share/laudanum; browse there and select the file /usr/share/laudanum/jsp/cmd.war.
5. After it is loaded, click on Deploy.
6. Verify that you have a new application called cmd.
7. Let's try it; go to http://192.168.56.102:8080/cmd/cmd.jsp.
8. In the textbox, try a command, for example: ifconfig
9. We can see that we can execute commands, but to know which user and what privilege...
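Seen from the defender's side, the steps above leave a recognizable trail in Tomcat's access log: a successful upload to the Manager, followed by the first request to a JSP in a context that had never been served before. The following detection sketch is an added example, not part of the original recipe; it assumes access logging is enabled with the AccessLogValve "common" pattern, and the log lines and function name are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
SAMPLE_LOG = """\
192.168.56.1 - - [10/Mar/2016:10:01:12 -0500] "GET /manager/html HTTP/1.1" 401 2474
192.168.56.1 - root [10/Mar/2016:10:01:20 -0500] "GET /manager/html HTTP/1.1" 200 17432
192.168.56.1 - root [10/Mar/2016:10:02:03 -0500] "POST /manager/html/upload HTTP/1.1" 200 18011
192.168.56.1 - - [10/Mar/2016:10:02:31 -0500] "GET /cmd/cmd.jsp HTTP/1.1" 200 612
192.168.56.1 - - [10/Mar/2016:10:02:40 -0500] "POST /cmd/cmd.jsp HTTP/1.1" 200 1490
192.168.56.7 - - [10/Mar/2016:10:03:00 -0500] "GET /examples/index.html HTTP/1.1" 200 1156
"""

LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
# Manager endpoints that accept a WAR: HTML form upload, text API (Tomcat 7+), legacy API.
DEPLOY = re.compile(r"^/manager/(html/upload|text/deploy|deploy)$")

def find_deploy_then_first_jsp(log_text, window=timedelta(minutes=30)):
    """Flag the first JSP hit in a never-seen context shortly after a Manager deploy."""
    seen_contexts, deploys, alerts = set(), [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        client, user, ts, method, uri, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        path = uri.split("?", 1)[0]          # drop query string (e.g. CSRF nonce)
        parts = path.split("/")
        context = "/" + parts[1] if len(parts) > 2 else "/"   # "/" is the ROOT webapp
        if method in ("POST", "PUT") and DEPLOY.match(path) and status == "200":
            deploys.append((when, client, user))
        elif status == "200" and context not in seen_contexts and path.endswith((".jsp", ".jspx")):
            for d_when, d_client, d_user in deploys:
                if timedelta(0) <= when - d_when <= window:
                    alerts.append({"context": context, "path": path, "client": client,
                                   "deployed_by": d_user, "deployed_from": d_client,
                                   "seconds_after_deploy": int((when - d_when).total_seconds())})
                    break
        if status != "404":                  # a 404 does not prove the context existed
            seen_contexts.add(context)
    return alerts

if __name__ == "__main__":
    for alert in find_deploy_then_first_jsp(SAMPLE_LOG):
        print(alert)
```

An alert from this check is a reason to inspect the webapps directory for the new WAR and to review who holds the Manager role; restricting /manager to trusted addresses and replacing guessable credentials removes the entry point this recipe relies on.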