Forum Discussion

KingMashaba
2 months ago

Introduction to Metasploit: Ep.9 – Demonstrate Your Skills

Please help me out here. I managed to brute-force into Apache Tomcat Manager using: auxiliary/scanner/http/tomcat_mgr_login

QCC:Qlogic66

When I try to log in to the site, it is not working:

http://10.10.10.10:9090/manager/html

I need to spawn a user-level shell on the victim machine using these creds; not sure why they are not working. I need to use any of these exploits, and they require a username and password:

1. exploit/multi/http/tomcat_mgr_deploy (2009-11-09)
2. exploit/multi/http/tomcat_mgr_upload (2009-11-09)

 

4 Replies

  • I'd suggest double-checking all the options for the exploits; little mistakes can often mess up exploits.
    Be careful when copying passwords as they are case sensitive.
    Do you have the correct rport set?
    Try different targetURIs such as /manager

    Failing that, if you have the username & password you will likely be able to log in to the web app and upload a reverse shell, then set up a listener in Metasploit using exploit/multi/handler to get a shell.

    • KingMashaba

      Hi neeemu, thanks for your response.

      I tried a few things on my side.

      Before using the exploits, I tried checking if these creds work by first trying to log in to the manager app on the web UI (http://<ip>:port/manager/html); it was not taking the creds.

      I went to the website itself and clicked on manager; when I log in, it is still not working. If the creds are not working on the website itself, they are most likely not going to work with the exploits, since they require the same creds (username and password).

      I further used scanner/http/dir_scanner to find interesting directories that I can use, and managed to find only these ones:

       

      • neeemu

        Be careful when copying passwords as they are case sensitive.

        The password you shared is not exactly the same as shown in the image.