Shells & payloads - The live engagement - host #1

Hi,

Now I’ve been struggling for 10 hours with the first host and couldn’t make any progress, so some serious help would be really appreciated.

I found and followed the next article that didn’t work:
[How to Hack Apache Tomcat via Malicious WAR File Upload « Null Byte :: WonderHowTo]

I also found the following video, no help:
https://www.youtube.com/watch?v=JTgUI3BKJek

Mixed the two, added my own ideas but nothing. I was able to upload the war file, clicked on it but nothing happened, although I tried out both Netcat and Metasploit as a listener.

In addition, probably I’m missing something but the given version of Tomcat doesn’t have any critical or high level vulnerability.
https://tomcat.apache.org/security-10.html

I’m really clueless, the linked solutions should work but they don’t, so…

Hey Zsombi

I’m also having the same issues as you and spent about the same time as you have. I’ve tried different payloads and tried using the other IPs listed in ifconfig. I got nothing to work through Metasploit. I managed to upload a .war webshell that works somewhat, but it looks like the output is being filtered out (here’s the web shell: GitHub - p0dalirius/Tomcat-webshell-application: A webshell application and interactive shell for pentesting Apache Tomcat servers.). There’s also a good set of examples here (Tomcat - HackTricks); I tried both webshells there as well.

I’m wondering if the target has been updated, as you mentioned there are no high level vulnerabilities for the version that is running currently. Hopefully someone can help us two inspiring pen testers out!

Use msfvenom for this and all will be fine.

I’m stuck on HOST-1: I had tried creating a WAR file with a Java reverse shell in Msfvenom and uploaded it to Tomcat, but I get an HTTP 500 error when I try to deploy it for a reverse shell. I had also tried using Msfconsole: Tomcat_mgr_upload exploit, but it did not work there either. Can anyone give me a hint? I have no clue after working on this for many hours…

Were you able to fix this?

I had also tried using Msfconsole: Tomcat_mgr_upload exploit, but it did not work there either. Can anyone give me a hint? I have no clue after working on this for many hours…

I am facing the same problem.
Is there any way to solve this?

Hello everyone… I got stuck on (Exploit the target and gain a shell session. Submit the name of the folder located in C:\Shares\ (Format: all lower case))… While scanning with nmap it shows only one port open, i.e. 3389, and I don’t know how to proceed with this.

Make sure you’re scanning the right target. Remember you’re connecting to a host via RDP first and then scanning the target. If you scan the host IP you’ll only get the open port 3389.