Archive for 16 czerwca, 2012

Metasploitable 2 – Apache Tomcat Exploitation

16 czerwca, 2012 Dodaj komentarz

Metasploitable 2 – Apache Tomcat Exploitation

In this post we will focus on the Apache Tomcat Web server and how we can discover the administrator’s credentials in order to gain access to the remote system – Metasploitable 2.

So we are performing our internal penetration testing and we have discovered the Apache Tomcat running on a remot system metasploitable linux 2 on port 8180.
nmap scan

nmap scan

Our next step will be to start metasploit framework and to search „tomcat”

msf> search tomcat

We have found an auxiliary scanner which will be the tool for our attempt to login to the Tomcat Application Manager.

search tomcat


So we run the scanner and we are waiting to see if it will discover any valid credentials:

run exploit

run exploit

We see User – tomcat , password – tomcat