Create a "permanent" backdoor using the Tomcat user name and password

You can learn from this case:
(1) some basic knowledge about JSP
(2) construct a backdoor using the Tomcat user name and password
First of all, I would like to thank the hacker manual for its "non-security. the editor of "housheng" provided help for this purpose, and thanked the netizens for their "Sad fish". This article draws on the idea of "how to handle tomcat through cooking dishes, the war generation provided in this article is vague and complex, and the method provided in this article is simple and easy to use.
JSP, short for Java Server Pages, is a dynamic web page Technical Standard promoted by Sun Microsystems and participated by many companies. JSP technology uses JAVA as the scripting language. JSP web pages provide an interface for the JAVA Library Unit on the server to serve HTTP applications. Adding Java program snippets and JSP tags to traditional webpage HTML files (*. htm, *. html) constitutes a JSP webpage (*. jsp ). When the Web server encounters a request to access the JSP webpage, it first executes the program fragment and then returns the execution result to the customer in HTML format. Program snippets can operate databases, redirect webpages, and send emails. This is the function required to build a dynamic website. All program operations are performed on the server. The results are only obtained when the network is uploaded to the client. The client has the lowest requirements on the client browser and can achieve no Plug-in or ActiveX, no Java Applet or even Frame.
Tomcat is a free and open-source Serlvet container. It is a core project of the Jakarta project of the Apache Foundation, developed by Apache, Sun, and other companies and individuals. With Sun's participation and support, the latest Servlet and Jsp specifications can always be reflected in Tomcat. Unlike traditional desktop applications, Tomcat applications are a WAR (Web Archive) file. WAR is a Web application format proposed by Sun. Similar to JAR, WAR is also a compressed package of many files. The files in this package are organized by a certain directory structure: Usually its root directory contains Html and Jsp files or directories containing these two files, there will also be a WEB-INF directory, this directory is very important. Usually there is a web under the WEB-INF directory. xml file and a classes directory, web. xml is the configuration file of this application, while the classes directory contains the compiled Servlet class and other classes (such as JavaBean) on which Jsp or Servlet depends ). Usually these dependent classes can also be packaged into JAR to the lib directory under the WEB-INF, of course, can also be placed in the system CLASSPATH, but that porting and management is not convenient.
InTomcatApplication Deployment is simple.WARPut inTomcatOfWebappDirectory,TomcatThe file is automatically detected and decompressed. AccessJspThe first time is usually very slow, becauseTomcatToJspConvertServletFile, and then compile. After compilation, the access will be fast. In additionTomcatIt also provides an application:ManagerThe user name and password are required to access this application. The user name and password are stored in oneXmlFile. This application helpsFtp.WebDeploy and undo applications locally. This case uses this feature to build Backdoor programs.TomcatNot justServletContainer, which also has the traditionalWebServer features: ProcessingHtmlPage. HoweverApacheCompared to staticHtmlIs inferiorApache. You can setTomcatAndApacheIntegrated into one piece, letApacheStatic ProcessingHtml, AndTomcatProcessingJspAndServlet.You only need to modify this integration.ApacheAndTomcat.(1) CheckTomcat. Server installedApache TomcatIt will be opened by default later8080Port is used for external connection.IP: 8080Or a domain name.Apache TomcatPage,1. Figure1ConnectTomcatPage(2) viewTomcatUser configuration file.TomcatAfter the installation is complete, there is a configuration file"Tomcat-users.xmlIt is located inTomcatUnder the Program Installation DirectoryConfDirectory, open the file directly and you can see the plaintext values about the user name and password,2As shown in, find and remember to includeAdmin, manager"The username and password for that line