Mixed the two, added my own ideas but nothing. I was able to upload the war file, clicked on it but nothing happened, although I tried out both Netcat and Metasploit as a listener.
In addition, probably I’m missing something but the given version of Tomcat doesn’t have any critical or high level vulnerability. https://tomcat.apache.org/security-10.html
I’m really clueless, the linked solutions should work but they don’t, so…
I’m wondering if the target has been updated, as you mentioned there are no high level vulnerabilities for the version that is running currently. Hopefully someone can help us two inspiring pen testers out!
I’m stuck on HOST-1: I had tried to create a WAR file with a Java reverse shell in Msfvenom and uploaded it to Tomcat, but I get an HTTP 500 error when I try to deploy it for a reverse shell. I had also tried using Msfconsole: Tomcat_mgr_upload exploit, but it did not work there either. Can anyone give me a hint? I have no clue after working on this many hours…
I am facing the same problem.
Is there any way to solve this?
Hello everyone… I got stuck on (Exploit the target and gain a shell session. Submit the name of the folder located in C:\Shares\ (Format: all lower case))… While scanning with nmap it shows only one port open, i.e. 3389, and I don’t know how to proceed with this.
Make sure you’re scanning the right target; remember you’re connecting to a host via RDP first and then scanning the target. If you scan the host IP you’ll only get the open port 3389.