hacktricks/network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md

# 8009 - Pentesting Apache JServ Protocol (AJP)

{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Ondersteun HackTricks</summary>

* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>

Sluit aan by [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) bediener om te kommunikeer met ervare hackers en bug bounty jagters!

**Hacking Inligting**\
Betrek met inhoud wat die opwinding en uitdagings van hacking ondersoek

**Regte Tyd Hack Nuus**\
Bly op hoogte van die vinnige hacking wêreld deur middel van regte tyd nuus en insigte

**Laaste Aankondigings**\
Bly ingelig oor die nuutste bug bounties wat bekendgestel word en belangrike platform opdaterings

**Sluit by ons aan op** [**Discord**](https://discord.com/invite/N3FrSbmwdy) en begin vandag saamwerk met top hackers!

## Basiese Inligting

Van: [https://diablohorn.com/2011/10/19/8009-the-forgotten-tomcat-port/](https://diablohorn.com/2011/10/19/8009-the-forgotten-tomcat-port/)

> AJP is 'n draadprotokol. Dit is 'n geoptimaliseerde weergawe van die HTTP-protokol om 'n standalone webbediener soos [Apache](http://httpd.apache.org/) in staat te stel om met Tomcat te kommunikeer. Histories was Apache baie vinniger as Tomcat om statiese inhoud te bedien. Die idee is om Apache statiese inhoud te laat bedien wanneer moontlik, maar om die versoek na Tomcat te proxy vir Tomcat-verwante inhoud.

Ook interessant:

> Die ajp13-protokol is pakket-georiënteerd. 'n Binaire formaat is vermoedelik gekies bo die meer leesbare platte teks om redes van prestasie. Die webbediener kommunikeer met die servlet houer oor TCP-verbindinge. Om die duur proses van sokket skepping te verminder, sal die webbediener probeer om volhoubare TCP-verbindinge met die servlet houer te handhaaf, en om 'n verbinding vir meerdere versoek/antwoord siklusse te hergebruik.

**Standaard poort:** 8009
```
PORT     STATE SERVICE
8009/tcp open  ajp13
```
## CVE-2020-1938 ['Ghostcat'](https://www.chaitin.cn/en/ghostcat)

As die AJP-poort blootgestel is, mag Tomcat kwesbaar wees vir die Ghostcat kwesbaarheid. Hier is 'n [exploit](https://www.exploit-db.com/exploits/48143) wat met hierdie probleem werk.

Ghostcat is 'n LFI kwesbaarheid, maar ietwat beperk: slegs lêers van 'n sekere pad kan getrek word. Tog kan dit lêers insluit soos `WEB-INF/web.xml` wat belangrike inligting soos akrediteer vir die Tomcat-koppelvlak kan lek, afhangende van die bedieneropstelling.

Gepatchte weergawes op of bo 9.0.31, 8.5.51, en 7.0.100 het hierdie probleem reggestel.

## Enumeration

### Automatic
```bash
nmap -sV --script ajp-auth,ajp-headers,ajp-methods,ajp-request -n -p 8009 <IP>
```
### [**Brute force**](../generic-methodologies-and-resources/brute-force.md#ajp)

## AJP Proxy

### Nginx Reverse Proxy & AJP

[Kontroleer die Dockerized weergawe](8009-pentesting-apache-jserv-protocol-ajp.md#Dockerized-version)

Wanneer ons 'n oop AJP-proxy-poort (8009 TCP) teëkom, kan ons Nginx met die `ajp_module` gebruik om toegang te verkry tot die "versteekte" Tomcat Manager. Dit kan gedoen word deur die Nginx-bronkode te compileer en die vereiste module by te voeg, soos volg:

* Laai die Nginx-bronkode af
* Laai die vereiste module af
* Compileer Nginx-bronkode met die `ajp_module`.
* Skep 'n konfigurasie-lêer wat na die AJP-poort wys
```bash
# Download Nginx code
wget https://nginx.org/download/nginx-1.21.3.tar.gz
tar -xzvf nginx-1.21.3.tar.gz

# Compile Nginx source code with the ajp module
git clone https://github.com/dvershinin/nginx_ajp_module.git
cd nginx-1.21.3
sudo apt install libpcre3-dev
./configure --add-module=`pwd`/../nginx_ajp_module --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
make
sudo make install
nginx -V
```
Kommentaar die hele `server` blok uit en voeg die volgende lyne binne die `http` blok in `/etc/nginx/conf/nginx.conf` by.
```shell-session
upstream tomcats {
server <TARGET_SERVER>:8009;
keepalive 10;
}
server {
listen 80;
location / {
ajp_keep_conn on;
ajp_pass tomcats;
}
}
```
Begin Nginx en kontroleer of alles korrek werk deur 'n cURL-versoek na jou plaaslike gasheer te stuur.
```html
sudo nginx
curl http://127.0.0.1:80

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>Apache Tomcat/X.X.XX</title>
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="tomcat.css" rel="stylesheet" type="text/css" />
</headas
<body>
<div id="wrapper">
<div id="navigation" class="curved container">
<span id="nav-home"><a href="https://tomcat.apache.org/">Home</a></span>
<span id="nav-hosts"><a href="/docs/">Documentation</a></span>
<span id="nav-config"><a href="/docs/config/">Configuration</a></span>
<span id="nav-examples"><a href="/examples/">Examples</a></span>
<span id="nav-wiki"><a href="https://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
<span id="nav-lists"><a href="https://tomcat.apache.org/lists.html">Mailing Lists</a></span>
<span id="nav-help"><a href="https://tomcat.apache.org/findhelp.html">Find Help</a></span>
<br class="separator" />
</div>
<div id="asf-box">
<h1>Apache Tomcat/X.X.XX</h1>
</div>
<div id="upper" class="curved container">
<div id="congrats" class="curved container">
<h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>
<SNIP>
```
### Nginx Dockerized-weergawe
```bash
git clone https://github.com/ScribblerCoder/nginx-ajp-docker
cd nginx-ajp-docker
```
Vervang `TARGET-IP` in `nginx.conf` met AJP IP en bou en voer uit.
```bash
docker build . -t nginx-ajp-proxy
docker run -it --rm -p 80:80 nginx-ajp-proxy
```
### Apache AJP Proxy

Dit is selde om 'n oop poort 8009 te teëkom sonder enige ander toeganklike webpoorte. Dit is egter steeds moontlik om dit te benut met **Metasploit**. Deur **Apache** as 'n proxy te gebruik, kan versoeke na **Tomcat** op poort 8009 herlei word.
```bash
sudo apt-get install libapache2-mod-jk
sudo vim /etc/apache2/apache2.conf # append the following line to the config
Include ajp.conf
sudo vim /etc/apache2/ajp.conf     # create the following file, change HOST to the target address
ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all
Allow from localhost
</Proxy>
ProxyPass       / ajp://HOST:8009/
ProxyPassReverse    / ajp://HOST:8009/
sudo a2enmod proxy_http
sudo a2enmod proxy_ajp
sudo systemctl restart apache2
```
Hierdie opstelling bied die potensiaal om indringingdetectie- en voorkomingsisteme (IDS/IPS) te omseil weens die **binariteit van die AJP-protokol**, alhoewel hierdie vermoë nie geverifieer is nie. Deur 'n gewone Metasploit Tomcat-exploit na `127.0.0.1:80` te rig, kan jy effektief beheer oor die geteikende stelsel oorneem.
```bash
msf  exploit(tomcat_mgr_deploy) > show options
```
## Verwysings

* [https://github.com/yaoweibin/nginx\_ajp\_module](https://github.com/yaoweibin/nginx\_ajp\_module)
* [https://academy.hackthebox.com/module/145/section/1295](https://academy.hackthebox.com/module/145/section/1295)

<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>

Sluit aan by [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) bediener om met ervare hackers en bug bounty jagters te kommunikeer!

**Hacking Inligting**\
Betrek met inhoud wat die opwinding en uitdagings van hacking ondersoek

**Regte Tyd Hack Nuus**\
Bly op hoogte van die vinnige hacking wêreld deur middel van regte tyd nuus en insigte

**Laaste Aankondigings**\
Bly ingelig oor die nuutste bug bounties wat bekendgestel word en belangrike platform opdaterings

**Sluit by ons aan op** [**Discord**](https://discord.com/invite/N3FrSbmwdy) en begin vandag saamwerk met top hackers!

{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Ondersteun HackTricks</summary>

* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 05:33:57 +00:00			`# 8009 - Pentesting Apache JServ Protocol (AJP)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`{% hint style="success" %}`
			`Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`<summary>Ondersteun HackTricks</summary>`
arte 2024-01-03 11:42:55 +01:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`* Kyk na die [subskripsie planne](https://github.com/sponsors/carlospolop)!`
			`* Sluit aan by die 💬 [Discord groep](https://discord.gg/hRep4RUj7f) of die [telegram groep](https://t.me/peass) of volg ons op Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Deel hacking truuks deur PRs in te dien na die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>`
hp 2023-02-27 10:28:45 +01:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`Sluit aan by [HackenProof Discord](https://discord.com/invite/N3FrSbmwdy) bediener om te kommunikeer met ervare hackers en bug bounty jagters!`
hp 2023-02-27 10:28:45 +01:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`Hacking Inligting\`
			`Betrek met inhoud wat die opwinding en uitdagings van hacking ondersoek`
hp 2023-02-27 10:28:45 +01:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`Regte Tyd Hack Nuus\`
			`Bly op hoogte van die vinnige hacking wêreld deur middel van regte tyd nuus en insigte`
hp 2023-07-14 17:03:41 +02:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`Laaste Aankondigings\`
			`Bly ingelig oor die nuutste bug bounties wat bekendgestel word en belangrike platform opdaterings`
hp 2023-07-14 17:03:41 +02:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 05:33:57 +00:00			`Sluit by ons aan op [Discord](https://discord.com/invite/N3FrSbmwdy) en begin vandag saamwerk met top hackers!`
new link 2022-11-05 10:07:43 +01:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`## Basiese Inligting`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`Van: [https://diablohorn.com/2011/10/19/8009-the-forgotten-tomcat-port/](https://diablohorn.com/2011/10/19/8009-the-forgotten-tomcat-port/)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`> AJP is 'n draadprotokol. Dit is 'n geoptimaliseerde weergawe van die HTTP-protokol om 'n standalone webbediener soos [Apache](http://httpd.apache.org/) in staat te stel om met Tomcat te kommunikeer. Histories was Apache baie vinniger as Tomcat om statiese inhoud te bedien. Die idee is om Apache statiese inhoud te laat bedien wanneer moontlik, maar om die versoek na Tomcat te proxy vir Tomcat-verwante inhoud.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Ook interessant:`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`> Die ajp13-protokol is pakket-georiënteerd. 'n Binaire formaat is vermoedelik gekies bo die meer leesbare platte teks om redes van prestasie. Die webbediener kommunikeer met die servlet houer oor TCP-verbindinge. Om die duur proses van sokket skepping te verminder, sal die webbediener probeer om volhoubare TCP-verbindinge met die servlet houer te handhaaf, en om 'n verbinding vir meerdere versoek/antwoord siklusse te hergebruik.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`Standaard poort: 8009`
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`PORT STATE SERVICE`
			`8009/tcp open ajp13`
			```
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			`## CVE-2020-1938 ['Ghostcat'](https://www.chaitin.cn/en/ghostcat)`
Update 8009-pentesting-apache-jserv-protocol-ajp.md Added information about Ghostcat, which I ran into on a recent CTF box. 2021-04-27 16:58:23 +12:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`As die AJP-poort blootgestel is, mag Tomcat kwesbaar wees vir die Ghostcat kwesbaarheid. Hier is 'n [exploit](https://www.exploit-db.com/exploits/48143) wat met hierdie probleem werk.`
Update 8009-pentesting-apache-jserv-protocol-ajp.md Added information about Ghostcat, which I ran into on a recent CTF box. 2021-04-27 16:58:23 +12:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			Ghostcat is 'n LFI kwesbaarheid, maar ietwat beperk: slegs lêers van 'n sekere pad kan getrek word. Tog kan dit lêers insluit soos `WEB-INF/web.xml` wat belangrike inligting soos akrediteer vir die Tomcat-koppelvlak kan lek, afhangende van die bedieneropstelling.
Update 8009-pentesting-apache-jserv-protocol-ajp.md Added information about Ghostcat, which I ran into on a recent CTF box. 2021-04-27 16:58:23 +12:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`Gepatchte weergawes op of bo 9.0.31, 8.5.51, en 7.0.100 het hierdie probleem reggestel.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`## Enumeration`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`### Automatic`
GitBook: [#3540] No subject 2022-10-03 13:43:01 +00:00			```bash
			`nmap -sV --script ajp-auth,ajp-headers,ajp-methods,ajp-request -n -p 8009 <IP>`
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			```
GitBook: [#3540] No subject 2022-10-03 13:43:01 +00:00			`### [Brute force](../generic-methodologies-and-resources/brute-force.md#ajp)`

Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`## AJP Proxy`
GitBook: [#3540] No subject 2022-10-03 13:43:01 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`### Nginx Reverse Proxy & AJP`
add dockerized version of nginx proxy with ajp 2023-09-07 03:35:02 +03:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`[Kontroleer die Dockerized weergawe](8009-pentesting-apache-jserv-protocol-ajp.md#Dockerized-version)`
GitBook: [#3540] No subject 2022-10-03 13:43:01 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			Wanneer ons 'n oop AJP-proxy-poort (8009 TCP) teëkom, kan ons Nginx met die `ajp_module` gebruik om toegang te verkry tot die "versteekte" Tomcat Manager. Dit kan gedoen word deur die Nginx-bronkode te compileer en die vereiste module by te voeg, soos volg:
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`* Laai die Nginx-bronkode af`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`* Laai die vereiste module af`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			* Compileer Nginx-bronkode met die `ajp_module`.
			`* Skep 'n konfigurasie-lêer wat na die AJP-poort wys`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
GitBook: [#3540] No subject 2022-10-03 13:43:01 +00:00			`# Download Nginx code`
			`wget https://nginx.org/download/nginx-1.21.3.tar.gz`
			`tar -xzvf nginx-1.21.3.tar.gz`

			`# Compile Nginx source code with the ajp module`
			`git clone https://github.com/dvershinin/nginx_ajp_module.git`
			`cd nginx-1.21.3`
			`sudo apt install libpcre3-dev`
			./configure --add-module=`pwd`/../nginx_ajp_module --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
			`make`
			`sudo make install`
			`nginx -V`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			Kommentaar die hele `server` blok uit en voeg die volgende lyne binne die `http` blok in `/etc/nginx/conf/nginx.conf` by.
GitBook: [#3540] No subject 2022-10-03 13:43:01 +00:00			```shell-session
			`upstream tomcats {`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`server <TARGET_SERVER>:8009;`
			`keepalive 10;`
			`}`
GitBook: [#3540] No subject 2022-10-03 13:43:01 +00:00			`server {`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`listen 80;`
			`location / {`
			`ajp_keep_conn on;`
			`ajp_pass tomcats;`
			`}`
GitBook: [#3540] No subject 2022-10-03 13:43:01 +00:00			`}`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`Begin Nginx en kontroleer of alles korrek werk deur 'n cURL-versoek na jou plaaslike gasheer te stuur.`
GitBook: [#3540] No subject 2022-10-03 13:43:01 +00:00			```html
			`sudo nginx`
			`curl http://127.0.0.1:80`

			`<!DOCTYPE html>`
			`<html lang="en">`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`<head>`
			`<meta charset="UTF-8" />`
			`<title>Apache Tomcat/X.X.XX</title>`
			`<link href="favicon.ico" rel="icon" type="image/x-icon" />`
			`<link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />`
			`<link href="tomcat.css" rel="stylesheet" type="text/css" />`
			`</headas`
			`<body>`
			`<div id="wrapper">`
			`<div id="navigation" class="curved container">`
			`<span id="nav-home"><a href="https://tomcat.apache.org/">Home</a></span>`
			`<span id="nav-hosts"><a href="/docs/">Documentation</a></span>`
			`<span id="nav-config"><a href="/docs/config/">Configuration</a></span>`
			`<span id="nav-examples"><a href="/examples/">Examples</a></span>`
			`<span id="nav-wiki"><a href="https://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>`
			`<span id="nav-lists"><a href="https://tomcat.apache.org/lists.html">Mailing Lists</a></span>`
			`<span id="nav-help"><a href="https://tomcat.apache.org/findhelp.html">Find Help</a></span>`
			`<br class="separator" />`
			`</div>`
			`<div id="asf-box">`
			`<h1>Apache Tomcat/X.X.XX</h1>`
			`</div>`
			`<div id="upper" class="curved container">`
			`<div id="congrats" class="curved container">`
			`<h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>`
GitBook: [#3540] No subject 2022-10-03 13:43:01 +00:00			`<SNIP>`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`### Nginx Dockerized-weergawe`
add dockerized version of nginx proxy with ajp 2023-09-07 03:35:02 +03:00			```bash
			`git clone https://github.com/ScribblerCoder/nginx-ajp-docker`
			`cd nginx-ajp-docker`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			Vervang `TARGET-IP` in `nginx.conf` met AJP IP en bou en voer uit.
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 05:33:57 +00:00			```bash
add dockerized version of nginx proxy with ajp 2023-09-07 03:35:02 +03:00			`docker build . -t nginx-ajp-proxy`
			`docker run -it --rm -p 80:80 nginx-ajp-proxy`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`### Apache AJP Proxy`
add dockerized version of nginx proxy with ajp 2023-09-07 03:35:02 +03:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`Dit is selde om 'n oop poort 8009 te teëkom sonder enige ander toeganklike webpoorte. Dit is egter steeds moontlik om dit te benut met Metasploit. Deur Apache as 'n proxy te gebruik, kan versoeke na Tomcat op poort 8009 herlei word.`
a 2024-02-08 22:36:35 +01:00			```bash
			`sudo apt-get install libapache2-mod-jk`
			`sudo vim /etc/apache2/apache2.conf # append the following line to the config`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Include ajp.conf`
			`sudo vim /etc/apache2/ajp.conf # create the following file, change HOST to the target address`
			`ProxyRequests Off`
			`<Proxy *>`
			`Order deny,allow`
			`Deny from all`
			`Allow from localhost`
			`</Proxy>`
			`ProxyPass / ajp://HOST:8009/`
			`ProxyPassReverse / ajp://HOST:8009/`
a 2024-02-08 22:36:35 +01:00			`sudo a2enmod proxy_http`
			`sudo a2enmod proxy_ajp`
			`sudo systemctl restart apache2`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			Hierdie opstelling bied die potensiaal om indringingdetectie- en voorkomingsisteme (IDS/IPS) te omseil weens die binariteit van die AJP-protokol, alhoewel hierdie vermoë nie geverifieer is nie. Deur 'n gewone Metasploit Tomcat-exploit na `127.0.0.1:80` te rig, kan jy effektief beheer oor die geteikende stelsel oorneem.
a 2024-02-08 22:36:35 +01:00			```bash
			`msf exploit(tomcat_mgr_deploy) > show options`
			```
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`## Verwysings`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 05:33:57 +00:00
			`* [https://github.com/yaoweibin/nginx\_ajp\_module](https://github.com/yaoweibin/nginx\_ajp\_module)`
GitBook: [#3540] No subject 2022-10-03 13:43:01 +00:00			`* [https://academy.hackthebox.com/module/145/section/1295](https://academy.hackthebox.com/module/145/section/1295)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`<figure><img src="../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>`
hp 2023-07-14 17:03:41 +02:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`Sluit aan by [HackenProof Discord](https://discord.com/invite/N3FrSbmwdy) bediener om met ervare hackers en bug bounty jagters te kommunikeer!`
new link 2022-11-05 10:07:43 +01:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`Hacking Inligting\`
			`Betrek met inhoud wat die opwinding en uitdagings van hacking ondersoek`
hp 2023-02-27 10:28:45 +01:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`Regte Tyd Hack Nuus\`
			`Bly op hoogte van die vinnige hacking wêreld deur middel van regte tyd nuus en insigte`
hp 2023-02-27 10:28:45 +01:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`Laaste Aankondigings\`
			`Bly ingelig oor die nuutste bug bounties wat bekendgestel word en belangrike platform opdaterings`
hp 2023-02-27 10:28:45 +01:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 05:33:57 +00:00			`Sluit by ons aan op [Discord](https://discord.com/invite/N3FrSbmwdy) en begin vandag saamwerk met top hackers!`
new link 2022-11-05 10:07:43 +01:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`{% hint style="success" %}`
			`Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`<summary>Ondersteun HackTricks</summary>`
arte 2024-01-03 11:42:55 +01:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`* Kyk na die [subskripsie planne](https://github.com/sponsors/carlospolop)!`
			`* Sluit aan by die 💬 [Discord groep](https://discord.gg/hRep4RUj7f) of die [telegram groep](https://t.me/peass) of volg ons op Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Deel hacking truuks deur PRs in te dien na die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 11:40:15 +00:00			`{% endhint %}`