Book Image

Kali Linux Cookbook

Book Image

Kali Linux Cookbook

Overview of this book

In this age, where online information is at its most vulnerable, knowing how to execute the same attacks that hackers use to break into your system or network helps you plug the loopholes before it's too late and can save you countless hours and money. Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world's most popular penetration testing distribution. Discover a variety of popular tools of penetration testing, such as information gathering, vulnerability identification, exploitation, privilege escalation, and covering your tracks. Packed with practical recipes, this useful guide begins by covering the installation of Kali Linux and setting up a virtual environment to perform your tests. You will then learn how to eavesdrop and intercept traffic on wireless networks, bypass intrusion detection systems, and attack web applications, as well as checking for open ports, performing data forensics, and much more. The book follows the logical approach of a penetration test from start to finish with many screenshots and illustrations that help to explain each tool in detail. The Kali Linux Cookbook will serve as an excellent source of information for the security professional and novice alike!
Table of Contents (16 chapters)
Kali Linux Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Metasploitable Tomcat


In this recipe, we will explore how to use Metasploit to attack a Tomcat server using the Tomcat Manager Login module. Tomcat, or Apache Tomcat, is an open source web server and servlet container used to run Java Servlets and Java Server Pages (JSP). The Tomcat server is written in pure Java. We will use Metasploit in order to brute force a Tomcat login.

Getting ready

The following requirement needs to be fulfilled:

  • A connection to the internal network

  • Metasploitable running in our hacking lab

  • Wordlist to perform dictionary attack

How to do it...

Let's begin the recipe by opening a terminal window:

  1. Open a command prompt.

  2. Launch the MSFCONSOLE:

    msfconsole
    
  3. Search for all the available Tomcat modules:

    search tomcat
    
  4. Use the Tomcat Application Manager Login Utility:

    use auxiliary/scanner/http/tomcat_mgr_login
    
  5. Show the available options of the module:

    show options
    

    Note

    Notice that we have a lot of items that are set to yes and are required. We will utilize their defaults.

  6. Set Pass_File...