GitBook: [master] 4 pages and 8 assets modified
Before Width: | Height: | Size: 93 KiB After Width: | Height: | Size: 93 KiB |
Before Width: | Height: | Size: 93 KiB After Width: | Height: | Size: 93 KiB |
Before Width: | Height: | Size: 13 KiB After Width: | Height: | Size: 13 KiB |
Before Width: | Height: | Size: 13 KiB After Width: | Height: | Size: 13 KiB |
|
@ -10,7 +10,7 @@ dht udp "DHT Nodes"
|
|||
|
||||
![](.gitbook/assets/image%20%28182%29.png)
|
||||
|
||||
![](.gitbook/assets/image%20%28345%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png)
|
||||
![](.gitbook/assets/image%20%28345%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png)
|
||||
|
||||
InfluxDB
|
||||
|
||||
|
|
|
@ -12,8 +12,8 @@ Here you will find the **typical flow** that **you should follow when pentesting
|
|||
|
||||
**Click in the title to start!**
|
||||
|
||||
If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/) **\*\*\[**PEASS & HackTricks telegram group here**\]\(**[https://t.me/peass](https://t.me/peass)**\), or** follow me on Twitter ****[**🐦**](https://emojipedia.org/bird/)**\[**@carlospolopm**\]\(**[https://twitter.com/carlospolopm](https://twitter.com/carlospolopm)**\)**.
|
||||
**If you want to** share some tricks with the community **you can also submit** pull requests **to \[**[https://github.com/carlospolop/hacktricks\*\*\]\(https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks**]%28https://github.com/carlospolop/hacktricks)\) that will be reflected in this book.
|
||||
If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[ PEASS & HackTricks telegram group here](https://t.me/peass)**, or** follow me on Twitter ****[**🐦**](https://emojipedia.org/bird/)[@carlospolopm](https://twitter.com/carlospolopm).
|
||||
**If you want to** share some tricks with the community **you can also submit** pull requests **to** [https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks**]%28https://github.com/carlospolop/hacktricks) that will be reflected in this book.
|
||||
Don't forget to\*\* give ⭐ on the github to motivate me to continue developing this book.
|
||||
|
||||
![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%283%29.png)
|
||||
|
|
|
@ -41,5 +41,5 @@ The good news is that **this payload is executed automatically when the file is
|
|||
|
||||
It's possible to execute a calculator with the following payload **`=cmd|' /C calc'!xxx`**
|
||||
|
||||
![](../.gitbook/assets/image%20%2825%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
|
||||
![](../.gitbook/assets/image%20%2825%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ It’s not often that you encounter port 8009 open and port 8080,8180,8443 or 80
|
|||
sudo apt-get install libapache2-mod-jk
|
||||
sudo vim /etc/apache2/apache2.conf # append the following line to the config
|
||||
Include ajp.conf
|
||||
sudo vim /etc/apache2/ajp.conf # create the following file, change HOST to the target address
|
||||
sudo vim /etc/apache2/ajp.conf # create the following file, change HOST to the target address
|
||||
ProxyRequests Off
|
||||
<Proxy *>
|
||||
Order deny,allow
|
||||
|
@ -39,7 +39,7 @@ sudo a2enmod proxy_ajp
|
|||
sudo systemctl restart apache2
|
||||
```
|
||||
|
||||
A nice side effect of using this setup is that you might thwart IDS/IPS systems in place since the AJP protocol is somewhat binary, but I haven’t verified this. Now you can just point your regular metasploit tomcat exploit to 127.0.0.1:80 and take over that system. Here is the metasploit output also:
|
||||
A nice side effect of using this setup is that you might thwart IDS/IPS systems in place since the AJP protocol is somewhat binary, but I haven’t verified this. Now you can just point your regular metasploit tomcat exploit to 127.0.0.1:80 and take over that system. Here is the metasploit output also:
|
||||
|
||||
```text
|
||||
msf exploit(tomcat_mgr_deploy) > show options
|
||||
|
|