Tomcat configuration administrator-backdoor and tomcat Backdoor

Tomcat configuration administrator-backdoor and tomcat Backdoor
In Tomcat, the application deployment is very simple. You only need to put your WAR in the Tomcat webapp directory. Tomcat will automatically detect this file and decompress it. When accessing the Jsp of this application in a browser, it is usually very slow for the first time, because Tomcat needs to convert the Jsp into a Servlet File and then compile it. After compilation, the access will be fast. In addition, Tomcat also provides an application: manager, which requires a user name and password. the user name and password are stored in an xml file. Through this application, Ftp can be used to remotely deploy and withdraw applications on the Web. Of course, it can also be used locally. In this case, this feature is used to build Backdoor programs. Tomcat is not only a Servlet container, but also a traditional Web server function: Processing Html pages. However, compared with Apache, Apache is inferior in processing static Html. You can integrate Tomcat and Apache to allow Apache to process static Html, while Tomcat only needs to modify the configuration files of Apache and Tomcat to process Jsp and Servlet. 1. Check that port 8080 is open for external connection by default after the Apache Tomcat server is installed. Generally, enter "IP: 8080" or a domain name in the browser to access the Apache Tomcat page, as shown in. 2. view the Tomcat user configuration file after Tomcat installation is complete, there is a configuration file "tomcat-users.xml", itLocated inTomcat ProgramUnder the installation directoryUnder the conf directoryOpen the file and you can seePlaintext Value, The file is as follows.

<? Xml version = '1. 0' encoding = 'utf-8'?> <! -- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. see the NOTICE file distributed with this work for additional information regarding copyright ownership. the ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file License t in compliance with the License. you may obtain a copy of the License Http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "as is" BASIS, without warranties or conditions of any kind, either express or implied. see the License for the specific language governing permissions and limitations under the License. --> <tomcat-users xmlns = "http://tomcat.apache.org/xml "Xmlns: xsi =" http://www.w3.org/2001/XMLSchema-instance "xsi: schemaLocation =" http://tomcat.apache.org/xml tomcat-users.xsd "version =" 1.0 "> <! -- NOTE: By default, no user is authorized in the "manager-gui" role required to operate the "/manager/html" web application. if you wish to use this app, you must define such a user-the username and password are arbitrary. it is stronugly recommended that you do NOT use one of the users in the commented out section below since they are intended for use with the examples web application. --> <! -- NOTE: The sample user and role entries below are intended for use with the examples web application. they are wrapped in a comment and thus are ignored when reading this file. if you wish to configure these users for use with the examples web application, do not forget to remove the <!.. ...> That surrounds them. You will also need to set the passwords to something appropriate. --> <! -- <Role rolename = "tomcat"/> <role rolename = "role1"/> <user username = "tomcat" password = "<must-be-changed>" roles =" tomcat "/> <user username =" both "password =" <must-be-changed> "roles =" tomcat, role1 "/> <user username =" role1 "password =" <must-be-changed> "roles =" role1 "/> --> <! -- Configure a role --> <role rolename = "manager-gui"/> <role rolename = "admin-gui"/> <! -- Configure the Administrator account, password, and permissions --> <user username = "your username" password = "your password" roles = "admin-gui, manager-gui "/> </tomcat-users>

Note: (1) Many administrators who are not familiar with tomcat have not modified the default password after installing Tomcat. The username is admin and the password is blank. In this case, you can log on directly. (2) If the user modified the password, the password must be saved in the "tomcat-users.xml", so you can get the content of this file through Webshell. The comment is clearly written. Manager AppYesmanage-guiUsers with role Permissions, admin-guiRole users can accessHost ManagerFor the time being, I simply understood this. I will not go into details here. Go Tomcat Web Application ManagerThe effect is as follows: 3. Go to Tomcat management Tomcat to provide online management. This case also officially uses online management to build a backdoor. In Figure 1Click " Tomcat Manager"The user name and password dialog box appears, as shown in. 4. View deployment information enter the Administrator-authorized user name and password obtained from the tomcat-users.xml file in, and enter the deployment management page after the authentication is passed, as shown in. Note: (1) on the deployment management page, you can "Start", "Stop", "Reload", and "Undeploy) for a deployed project, click Undeploy to delete the file physically. (2) The deployed folder is named *. war.For example, if the file to be uploaded is esite. war, an "esite" folder (the folder to decompress the war) is generated in the Tomcat directory ). 5. deploy the JSP WebShell backdoor program. There is a "WAR file to deploy" at the bottom of the Deployment Management page. Click Browse to select a configured backdoor war file, in this example, the backdoor program is esite. war, click deploy to deploy the file to the server. Note: (1) the deployment file must be a war file. (2) install winzip in the system, and then compress one or more jsp backdoor files into one compressed file. After the compression is successful, the zip file is renamed as "*. war. (3) After the file is uploaded, tomcat will be automatically deployed and run. 6. Test the backdoor program and enter" Deployment file name /Jsp file", For example, in this example, the correct access is" [url] http: // 127.0.0.1: 8080/esite/test. jsp [/url] "Thank you! Thank you for your patience!