Tomcat WAR shell upload (authenticated)

Let's say we have the credentials to an Apache Tomcat instance (maybe via snooping/sniffing or from a file with sensitive information). A user can run a web application by uploading a packed WAR file to the Apache Tomcat instance. In this section, we will upload a WAR file to get a bind/reverse shell connection. Please note that the WAR shell upload requires authentication to work; otherwise, the server will respond with an HTTP 401 (Unauthorized) code:

  1. To begin with, let's request the /manager/html page. The server will ask for HTTP authentication:

  2. Once authenticated, the page will be redirected ...
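The defender's view of the sequence above, as an added example that is not from the book: a small detector that reads Tomcat access-log lines and flags repeated 401 responses on `/manager/` followed by a successful WAR deployment. It assumes the common log format and the Manager's default `/manager/html/upload` and `/manager/text/deploy` endpoints; the function name, threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in common log format (not taken from the page).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.7 - - [12/Mar/2024:10:01:03 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.7 - tomcat [12/Mar/2024:10:01:09 +0000] "GET /manager/html HTTP/1.1" 200 19698
198.51.100.7 - tomcat [12/Mar/2024:10:01:30 +0000] "POST /manager/html/upload HTTP/1.1" 200 21010
203.0.113.20 - - [12/Mar/2024:10:02:00 +0000] "GET /index.jsp HTTP/1.1" 200 11230
203.0.113.9 - deployer [12/Mar/2024:10:05:00 +0000] "PUT /manager/text/deploy?path=/app HTTP/1.1" 200 48
"""

# Fields: ip, ident, user, [time], "METHOD url protocol", status, bytes
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
# Manager endpoints that accept a WAR (assumed default paths).
DEPLOY_PATHS = {"/manager/html/upload", "/manager/text/deploy"}


def analyse(log_text, fail_threshold=3):
    """Return (kind, ip, user, path) findings for Manager activity."""
    failures = Counter()   # 401 responses on /manager/ per client IP
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue       # skip lines that are not in the expected format
        ip, user, method, url, status = m.groups()
        path = url.split("?", 1)[0]
        if not path.startswith("/manager/"):
            continue
        if status == "401":
            failures[ip] += 1
            if failures[ip] == fail_threshold:   # report once per IP
                findings.append(("auth-failures", ip, user, path))
        elif path in DEPLOY_PATHS and method in ("POST", "PUT") and status.startswith("2"):
            # A deployment from an IP that was just failing auth is the stronger signal.
            kind = "deploy-after-failures" if failures[ip] >= fail_threshold else "deploy"
            findings.append((kind, ip, user, path))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

Every `deploy` finding is worth reconciling against change records, since legitimate deployments through the Manager are normally rare and come from known hosts.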
