Metasploitable Tomcat
In this recipe, we will use Metasploit's Tomcat Manager Login module to brute force the login of a Tomcat server. Tomcat, or Apache Tomcat, is an open-source web server and servlet container used to run Java Servlets and JavaServer Pages (JSP). The Tomcat server is written in pure Java.
Getting ready
The following requirements need to be fulfilled:
- A connection to the internal network is required to complete this recipe
- Metasploitable running in our hacking lab
- Word list to perform a dictionary attack
How to do it...
Let's begin the recipe by opening a terminal window:
1. Open a command prompt.
2. Launch msfconsole:
    msfconsole
3. Search for all available Tomcat modules:
    search tomcat
4. Use the Tomcat Application Manager Login Utility:
    use auxiliary/scanner/http/tomcat_mgr_login
5. Show the available options of the module:
    show options
Note
Notice we have a lot of items that are set to yes and are required. We will utilize...
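Seen from the lab server's side, a dictionary attack on the Manager login appears in Tomcat's access log as a burst of 401 responses on the Manager application. The following is an added example, not part of the original recipe: it flags sources with repeated 401s and reports whether an authenticated 200 followed. It assumes the AccessLogValve `common` pattern and the Manager app under /manager; the function name, thresholds and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

def detect_manager_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"failures": n, "user_after_burst": name_or_None}} for
    sources with at least `threshold` 401s on /manager inside `window`."""
    recent = defaultdict(deque)  # ip -> timestamps of recent 401 responses
    alerts = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m or not m["path"].startswith("/manager"):
            continue  # skip unparseable lines and other web apps
        ip, status = m["ip"], int(m["status"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if status == 401:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"failures": 0, "user_after_burst": None})
                a["failures"] = max(a["failures"], len(q))
        elif status == 200 and ip in alerts and m["user"] != "-":
            # Authenticated request after a failure burst: a guess likely worked
            alerts[ip]["user_after_burst"] = m["user"]
    return alerts

# Constructed sample log: six failures one second apart, then a success,
# plus a second client that mistypes its password once (must not alert).
SAMPLE_LOG = [
    f'192.0.2.10 - - [12/Mar/2024:10:15:{s:02d} +0000] "GET /manager/html HTTP/1.1" 401 2473'
    for s in range(6)
] + [
    '192.0.2.10 - tomcat [12/Mar/2024:10:15:06 +0000] "GET /manager/html HTTP/1.1" 200 17412',
    '192.0.2.20 - - [12/Mar/2024:10:16:00 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '192.0.2.20 - admin [12/Mar/2024:10:16:10 +0000] "GET /manager/html HTTP/1.1" 200 17412',
    '192.0.2.30 - - [12/Mar/2024:10:17:00 +0000] "GET /docs/ HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    print(detect_manager_bruteforce(SAMPLE_LOG))
```

An alert with a non-empty `user_after_burst` is the case to escalate first, since it means the credential for that account should be treated as known to the source.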