configured to listen on port 8180. So, we simply use our browser to connect to the server with the correct port number, and are immediately prompted with a Basic Authentication login box.
Using the default credentials, we were able to access the Tomcat Manager. Great! But now what? Well, the next thing we wanted to do was see if we could upload our own web application. As you can see from the example below, there are a number of apps already installed. What if we could install our own? This is where we turned to Laudanum. If you’re not yet familiar with it, I recommend reading James Jardine’s blog on the Introduction of Laudanum.
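From the defender's side, the Manager login and application upload described above leave a recognisable trail in Tomcat's access log. The following is an added example, not code from the original post: it scans log lines in the AccessLogValve "common" format for a successful Manager deployment and for requests to any application context that first appears afterwards. The log lines, client addresses, account name and function names are constructed for illustration; the `/filebrowser/cmd.jsp` path is the one named in this post.

```python
import re

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                  r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
# Manager endpoints that install an application (HTML and text interfaces).
DEPLOY = ("/manager/html/upload", "/manager/html/deploy",
          "/manager/text/deploy", "/manager/deploy")

# Constructed sample log: addresses, times and account name are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2013:10:14:58 -0500] "GET /manager/html HTTP/1.1" 401 2550
192.0.2.10 - manager_acct [12/Mar/2013:10:15:03 -0500] "GET /manager/html HTTP/1.1" 200 14210
198.51.100.7 - - [12/Mar/2013:10:15:40 -0500] "GET /docs/index.html HTTP/1.1" 200 9120
192.0.2.10 - manager_acct [12/Mar/2013:10:16:21 -0500] "POST /manager/html/upload HTTP/1.1" 200 15877
192.0.2.10 - - [12/Mar/2013:10:16:40 -0500] "GET /filebrowser/cmd.jsp HTTP/1.1" 200 812
192.0.2.10 - - [12/Mar/2013:10:17:02 -0500] "POST /filebrowser/cmd.jsp HTTP/1.1" 200 1290
198.51.100.7 - - [12/Mar/2013:10:17:30 -0500] "GET /docs/index.html HTTP/1.1" 200 9120
""".splitlines()

def context_root(path):
    """First path segment, which Tomcat maps to a deployed web application."""
    return "/" + path.lstrip("/").split("/", 1)[0]

def find_suspicious(lines):
    """Flag Manager deployments and every request to a context first seen after one."""
    known, fresh, alerts, deployed = set(), set(), [], False
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]   # drop query string (e.g. CSRF nonce)
        root, ok = context_root(path), m["status"][0] in "23"
        if ok and m["method"] in ("POST", "PUT") and path.startswith(DEPLOY):
            deployed = True
            alerts.append(("manager-deploy", m["host"], m["user"], path))
        elif ok and deployed and root not in known:
            fresh.add(root)                 # application appeared after the deploy
        if root in fresh:
            alerts.append(("new-context-request", m["host"], m["user"], path))
        if ok:
            known.add(root)
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(*alert)
```

A legitimate deployment raises the same alerts, so the output is a list of events to reconcile against change records rather than a verdict.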
2008 servers, so our next obvious step was to access the command line and see if we could add a user. This was done by creating a new tab on the browser and linking to http://<server ip>:<tomcat port>/filebrowser/cmd.jsp. This resulted in a form where we were able to submit commands to create a user account, siuser, and add our new user account to the local administrators group, using the following commands:
the hash attack against other Windows servers on the network. So, now you know why we get so excited when we find administrative web consoles on servers, especially those using default creds. It’s just a few steps away from