Prerequisites
Tomcat penetration
Tomcat default passwords
Hand-crafting a WAR shell
Uploading and deploying a WAR shell through the Tomcat manager page
Penetration process
Started nmap in the background first (HTB has been a bit flaky lately, so I left it running there), then kicked off a directory brute-force:
proxychains sudo nmap -p 1-65535 -sV -sS -T4 10.10.10.95
proxychains gobuster dir -u 10.10.10.95 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 200 -o jerry -q
However, the second one, the directory brute-force, failed with the error below; at first I thought it needed to be switched to POST requests,
Error: error on running goubster: unable to connect to http://10.10.10.95/: Get http://10.10.10.95/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
but then nmap finished, and its output below made it clear that the service was actually listening on port 8080:
Nmap scan report for 10.10.10.95
Host is up (0.26s latency).
Not shown: 65534 filtered ports
PORT STATE SERVICE VERSION
8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
Service detection
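As an added example (not part of the original write-up), here is a small Python parser for the Nmap report format shown above: it pulls out the open ports and flags banners of admin consoles such as Tomcat, the kind of inventory check a defender runs over scan results of their own hosts. The keyword list and the extra closed-port line in the sample are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: the Nmap output quoted in the write-up, plus one
# assumed closed-port line to show that non-open states are skipped.
NMAP_OUTPUT = """\
Nmap scan report for 10.10.10.95
Host is up (0.26s latency).
Not shown: 65534 filtered ports
PORT     STATE  SERVICE VERSION
22/tcp   closed ssh
8080/tcp open   http    Apache Tomcat/Coyote JSP engine 1.1
Service detection performed.
"""

# One port line: "<port>/<proto> <state> <service> [<version banner>]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


@dataclass
class Service:
    port: int
    proto: str
    state: str
    name: str
    version: str


def parse_nmap(text):
    """Return the open services from an Nmap -sV text report."""
    services = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # header, host lines and "Not shown" are ignored
        port, proto, state, name, version = m.groups()
        if state != "open":
            continue
        services.append(Service(int(port), proto, state, name, (version or "").strip()))
    return services


# Assumed list of admin-console products that should never face an untrusted network
RISKY_BANNERS = ("tomcat", "jboss", "jenkins")


def flag_exposed_admin_services(services):
    """Return services whose version banner names a known admin-console product."""
    return [s for s in services if any(k in s.version.lower() for k in RISKY_BANNERS)]
```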