Scribd Logo
Upload

Welcome to Scribd!

  • 10 views

    25point Tomcat

    Uploaded by

    Mauricio
    The document details steps taken in a penetration test. It found an Apache Struts vulnerability at http://192.168.35.101/orders/orders using Gobuster and an exploit script. Running linpeas.sh revealed a hashed password, which was cracked online as adminPass1234. SSH access was then gained as tomcat@192.168.35.101.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    25point Tomcat

    Uploaded by

    Mauricio
    10 views3 pages
    The document details steps taken in a penetration test. It found an Apache Struts vulnerability at http://192.168.35.101/orders/orders using Gobuster and an exploit script. Running linpeas.sh revealed a hashed password, which was cracked online as adminPass1234. SSH access was then gained as tomcat@192.168.35.101.

    Original Description:

    Original Title

    25point-tomcat

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document details steps taken in a penetration test. It found an Apache Struts vulnerability at http://192.168.35.101/orders/orders using Gobuster and an exploit script. Running linpeas.sh revealed a hashed password, which was cracked online as adminPass1234. SSH access was then gained as tomcat@192.168.35.101.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    10 views3 pages

    25point Tomcat

    Uploaded by

    Mauricio
    The document details steps taken in a penetration test. It found an Apache Struts vulnerability at http://192.168.35.101/orders/orders using Gobuster and an exploit script. Running linpeas.sh revealed a hashed password, which was cracked online as adminPass1234. SSH access was then gained as tomcat@192.168.35.101.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Nmap:

    Gobuster:
    On endpoint:

    http://192.168.35.101/orders/orders

    this is strust.

    Using exploit script:

    https://github.com/LightC0der/Apache-Struts-0Day-Exploit

    download and run => got RCE:


    Running linpeas.sh => got hashed password

    Search online on google => got the password: adminPass1234

    Then you can ssh tomcat@192.168.35.101

    You might also like