Attacking Tomcat's passwords with Metasploit

Apache Tomcat, or simply Tomcat, is one of the most widely used servers for Java web applications in the world. It is also very common to find a Tomcat server with some configurations left at their defaults. Among those, it is surprisingly common to find that a server has the web application manager exposed; this is the application that allows the administrator to start, stop, add, and delete applications on the server.

In this recipe, we will use a Metasploit module to perform a dictionary attack over a Tomcat server in order to obtain access to its manager application.
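A dictionary attack against the manager application leaves a recognizable trace in Tomcat's access log: many 401 responses for manager paths from one client, sometimes followed by a 200. The following detection sketch is an added example, not part of the original recipe; it assumes the AccessLogValve "common" log pattern, and the threshold, function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)
MANAGER_PREFIXES = ("/manager/", "/host-manager/")

def _line(host, user, sec, path, status):
    return (f'{host} - {user} [10/Mar/2024:10:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 2473')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = (
    [_line("203.0.113.7", "-", s, "/manager/html", 401) for s in range(6)]
    + [_line("203.0.113.7", "tomcat", 7, "/manager/html", 200),
       # Normal browser login: one unauthenticated 401, then success.
       _line("198.51.100.20", "-", 8, "/manager/html", 401),
       _line("198.51.100.20", "admin", 9, "/manager/html", 200),
       _line("192.0.2.15", "-", 10, "/index.jsp", 200)]
)

def manager_auth_stats(lines):
    """Per client: 401 count on manager paths and whether a 200 followed a 401."""
    stats = defaultdict(lambda: {"failures": 0, "success_after_failure": False})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith(MANAGER_PREFIXES):
            continue
        entry = stats[m["host"]]
        if m["status"] == "401":
            entry["failures"] += 1
        elif m["status"] == "200" and entry["failures"]:
            entry["success_after_failure"] = True
    return dict(stats)

def flag_dictionary_attacks(lines, threshold=5):
    """Clients with at least `threshold` failed manager logins, worst first."""
    hits = [(h, s["failures"], s["success_after_failure"])
            for h, s in manager_auth_stats(lines).items()
            if s["failures"] >= threshold]
    return sorted(hits, key=lambda t: -t[1])

if __name__ == "__main__":
    for host, failures, compromised in flag_dictionary_attacks(SAMPLE_LOG):
        print(f"{host}: {failures} failed manager logins, later success={compromised}")
```

A flagged client whose failures are followed by a success is the case to triage first, since it suggests a credential from the dictionary worked.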

Getting ready

Before we start using the Metasploit Framework, we will need to start the database service. In a root terminal, run: ...
