Use the Tomcat console default password vulnerability, upload Trojan file, get target host Webshell.
When the Tomcat console is installed, you need to modify the default management account in a timely manner and eliminate the weak password, and successful users can deploy any Web application, including Webshell.
First, using the Nmap tool to scan the target host
The 1.1 uses the Nmap command to scan the target host. Click on the left side of the desktop and select "Open in Terminal" in the context menu.
1.2 Enter the command "NMAP–SV 192.168.1.3" in the terminal, port scan the target host, discover open 8081 port and run apachetomcat/coyotejsp engine1.1.
650) this.width=650; "title=" 1.jpg "style=" Float:none; "alt=" wkiom1hkg9itoknpaafyeovt7um546.jpg "src=" http:/ S4.51cto.com/wyfs02/m02/8b/58/wkiom1hkg9itoknpaafyeovt7um546.jpg "/>
1.3 Enter ' http://192.168.1.3:8180 in the browser address bar, open the Tomcat page, click ' Tomcat manager ' and ' open the admin page.
1.4 in the popup dialog box, enter the default account tomcat, password tomcat, and click "OK".
650) this.width=650; "title=" 2.jpg "style=" Float:none; "alt=" wkiol1hkg9mbademaaddtjfvcvg045.jpg "src=" http:/ S5.51cto.com/wyfs02/m02/8b/54/wkiol1hkg9mbademaaddtjfvcvg045.jpg "/>
1.5 Click the "Browse" button and under Directory "/home/" select the Hacker.war file.
1.6 Click "Deploy" button, upload trojan, generate/hacker directory.
650) this.width=650; "title=" 3.jpg "style=" Float:none; "alt=" wkiom1hkg9njnscwaaccivpgbdm482.jpg "src=" http:/ S4.51cto.com/wyfs02/m00/8b/58/wkiom1hkg9njnscwaaccivpgbdm482.jpg "/>
1.7 Enter ' http://192.168.1.3:8180/hacker/index.jsp, ' webshell password ' 87966550 ' in the Address bar and log in to Webshell.
650) this.width=650; "title=" 4.jpg "style=" Float:none; "alt=" wkiol1hkg9nhlfrlaabnc4detx8973.jpg "src=" http:/ S4.51cto.com/wyfs02/m00/8b/55/wkiol1hkg9nhlfrlaabnc4detx8973.jpg "/>
1.8 Browser jumps to the Trojan page.
650) this.width=650; "title=" 5.jpg "style=" Float:none; "alt=" wkiom1hkg93z32tdaadm9unxnza719.jpg "src=" http:/ S2.51cto.com/wyfs02/m01/8b/58/wkiom1hkg93z32tdaadm9unxnza719.jpg "/>
This article is from the "12377962" blog, please be sure to keep this source http://12387962.blog.51cto.com/12377962/1883155
Metasploit overflow Tomcat console default password vulnerability