Tomcat #58

Open
AI0TSec opened this issue Dec 4, 2019 · 1 comment

AI0TSec commented Dec 4, 2019

BurpSuite

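Visit http://host:port/manager/html

Capture the request in Burp to brute-force the login

Inspect the request packet: the username and password entered are re-encoded as Base64 ciphertext: username:password > admin:admin > YWRtaW46YWRtaW4=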

GET /manager/html HTTP/1.1
Host: 192.168.100.17:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://192.168.100.17:8080/
Connection: close
Cookie: JSESSIONID=C415245CC7B4597217A5869528EFB776
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Authorization: Basic YWRtaW46YWRtaW4=

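Send it to the Intruder module, mark the brute-force variable (YWRtaW46YWRtaW4=), and select the attack type (Sniper)

Payload settings: select the type Custom iterator and set three iterator payloads representing, respectively: username, : and password

Username payload settings

":" payload settings

Password payload settings

Set the encoder (Base64)

Uncheck the option

Run the brute force

Tools/scripts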

Metasploit

use auxiliary/scanner/http/tomcat_mgr_login

AI0TSec commented Dec 4, 2019

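Upload a WAR package to get a shell

Building the WAR package

In the *.\Java\jdk1.8.0_102\bin directory, run the command: jar -cvf [WAR package name].war [trojan name].jsp to generate the WAR package

Uploading the WAR package

Click upload; after a successful upload the path is shown: /shell

Access the trojan file directly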

@AI0TSec AI0TSec added the Tomcat label Dec 4, 2019
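
From the defender's side, the login guessing and the WAR upload described in the two comments above both leave a trail in Tomcat's access log. The following is an added example, not part of the original issue: it assumes the AccessLogValve `common` pattern, a hypothetical threshold of five 401 responses, and that the HTML manager's deploy form posts to `/manager/html/upload`; the log lines are constructed.

```python
import re
from collections import defaultdict

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
THRESHOLD = 5  # assumed: 401s from one client before it counts as guessing

# Constructed sample log (documentation addresses, made-up sizes and nonce).
SAMPLE = [
    '192.0.2.10 - - [04/Dec/2019:10:00:0%d +0800] "GET /manager/html HTTP/1.1" 401 2473' % i
    for i in range(6)
] + [
    '192.0.2.10 - admin [04/Dec/2019:10:00:07 +0800] "GET /manager/html HTTP/1.1" 200 17240',
    '192.0.2.10 - admin [04/Dec/2019:10:01:12 +0800] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=0123 HTTP/1.1" 200 19876',
    '192.0.2.20 - - [04/Dec/2019:10:02:00 +0800] "GET /manager/html HTTP/1.1" 401 2473',
    '192.0.2.20 - ops [04/Dec/2019:10:02:05 +0800] "GET /manager/html HTTP/1.1" 200 17240',
]

def analyze(lines, threshold=THRESHOLD):
    """Return {client: finding} for clients with a burst of 401s on the manager app."""
    state = defaultdict(lambda: {"failures": 0, "login_user": None, "uploads": 0})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not in the assumed log format
        ip, user, method, uri, status = m.groups()
        path = uri.split("?", 1)[0]
        if not path.startswith("/manager/"):
            continue
        s = state[ip]
        if status == "401":
            s["failures"] += 1
        elif status == "200" and s["failures"] >= threshold:
            # A 200 after a burst of 401s: one of the guesses worked.
            if s["login_user"] is None and user != "-":
                s["login_user"] = user
            # WAR deployment through the HTML manager form.
            if method == "POST" and path == "/manager/html/upload":
                s["uploads"] += 1
    return {ip: dict(s) for ip, s in state.items() if s["failures"] >= threshold}

if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE).items():
        print(ip, finding)
```

A client reported with a non-empty `login_user` and `uploads` greater than zero is the sequence this issue walks through: guessed credentials followed by a deployment.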