Metasploit Penetration Testing Framework

Tomcat Administration Tool Default Access

Detect the Tomcat administration interface.

Rank

Normal

Authors

Matteo Cantoni < goony [at] nothink.org >

References

http://tomcat.apache.org/

Development

Similar Modules

Usage Information

$ msfconsole

                ##                          ###           ##    ##
##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/admin/http/tomcat_administration
msf auxiliary(tomcat_administration) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(tomcat_administration) > run

Module Options

Proxies	Use a proxy chain
RHOSTS	The target address range or CIDR identifier
RPORT	The target port (default: 8180)
THREADS	The number of concurrent threads (default: 1)
TOMCAT_PASS	The password for the specified username (default: )
TOMCAT_USER	The username to authenticate as (default: )
UserAgent	The HTTP User-Agent sent in the request (default: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))
VHOST	HTTP server virtual host
BasicAuthPass	The HTTP password to specify for basic authentication
BasicAuthUser	The HTTP username to specify for basic authentication
FingerprintCheck	Conduct a pre-exploit fingerprint verification
SSL	Negotiate SSL for outgoing connections
SSLVersion	Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
ShowProgress	Display progress messages during a scan
ShowProgressPercent	The interval in percent that progress should be shown
WORKSPACE	Specify the workspace for this module
HTTP::header_folding	Enable folding of HTTP headers
HTTP::method_random_case	Use random casing for the HTTP method
HTTP::method_random_invalid	Use a random invalid, HTTP method for request
HTTP::method_random_valid	Use a random, but valid, HTTP method for request
HTTP::pad_fake_headers	Insert random, fake headers into the HTTP request
HTTP::pad_fake_headers_count	How many fake headers to insert into the HTTP request
HTTP::pad_get_params	Insert random, fake query string variables into the request
HTTP::pad_get_params_count	How many fake query string variables to insert into the request
HTTP::pad_method_uri_count	How many whitespace characters to use between the method and uri
HTTP::pad_method_uri_type	What type of whitespace to use between the method and uri (accepted: space, tab, apache)
HTTP::pad_post_params	Insert random, fake post variables into the request
HTTP::pad_post_params_count	How many fake post variables to insert into the request
HTTP::pad_uri_version_count	How many whitespace characters to use between the uri and version
HTTP::pad_uri_version_type	What type of whitespace to use between the uri and version (accepted: space, tab, apache)
HTTP::uri_dir_fake_relative	Insert fake relative directories into the uri
HTTP::uri_dir_self_reference	Insert self-referential directories into the uri
HTTP::uri_encode_mode	Enable URI encoding (accepted: none, hex-normal, hex-all, hex-random, u-normal, u-all, u-random)
HTTP::uri_fake_end	Add a fake end of URI (eg: /%20HTTP/1.0/../../)
HTTP::uri_fake_params_start	Add a fake start of params to the URI (eg: /%3fa=b/../)
HTTP::uri_full_url	Use the full URL for all HTTP requests
HTTP::uri_use_backslashes	Use back slashes instead of forward slashes in the uri

OSVDB:	CVE:
BID:	MSB:
TEXT: