Metasploitable/Apache/Tomcat and Coyote: Difference between revisions
From charlesreid1
No edit summary |
|||
| Line 18: | Line 18: | ||
From the description of Coyote on the Tomcat page [https://tomcat.apache.org/tomcat-4.1-doc/config/coyote.html], it sounds like this server will be as susceptible to denial of service attacks as the Apache web server was. | From the description of Coyote on the Tomcat page [https://tomcat.apache.org/tomcat-4.1-doc/config/coyote.html], it sounds like this server will be as susceptible to denial of service attacks as the Apache web server was. | ||
=Flags= | =Flags= | ||
{{MSFlag}} | {{MSFlag}} | ||
Revision as of 23:47, 29 March 2016
Service
Just a reminder of what the nmap scan returned about Apache Tomcat and Coyote:
10.0.0.27 8180 tcp http open Apache Tomcat/Coyote JSP engine 1.1
JSP stands for JavaServer Pages. All this means is, web pages accessed through port 8180 will be assembled by a Java web application.
What is tomcat
Apache Tomcat provides software to run Java applets in the browser. The nmap scan didn't return the version, so that's probably the first thing we'll want to figure out.
What is coyote
Coyote is a stand-alone web server that provides servlets to Tomcat applets. That is, it functions like the Apache web server, but for JavaServer Pages (JSP).
From the description of Coyote on the Tomcat page [1], it sounds like this server will be as susceptible to denial of service attacks as the Apache web server was.
Flags
 |
Metasploit any and all resources related to metasploit on this wiki
Category:Metasploit - pages labeled with the "Metasploit" category label MSF/Wordlists - wordlists that come bundled with Metasploit MSFVenom - msfvenom is used to craft payloads Meterpreter - the shell you'll have when you use MSF to craft a remote shell payload.
Category:Security · Category:Metasploit · Category:Kali
|
|
Metasploitable: The Red Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the RED TEAM's tools and routes of attack.
Exploiting MySQL with Metasploit: Metasploitable/MySQL Exploiting PostgreSQL with Metasploit: Metasploitable/Postgres
Exploiting VSFTP Backdoor: Metasploitable/VSFTP SSH Penetration by Brute Force: Metasploitable/SSH/Brute Force SSH Penetration with Keys: Metasploitable/SSH/Keys SSH Penetration with Metasploit: Metasploitable/SSH/Exploits Brute-Forcing Exploiting NFS: Metasploitable/NFS Exploiting DNS Bind Server: Metasploitable/DNS Bind
Metasploitable Services: distcc: Metasploitable/distcc
Metasploitable Apache: Exploiting Apache (with Metasploit): Metasploitable/Apache Exploiting Apache (with Python): Metasploitable/Apache/Python Tor's Hammer DoS Attack: Metasploitable/TorsHammer * Apache DAV: Metasploitable/Apache/DAV * Apache Tomcat and Coyote: Metasploitable/Apache/Tomcat and Coyote
Metasploitable Memory: General approach to memory-based attacks: Metasploitable/Memory Investigating memory data: Metasploitable/Volatile Data Investigation Dumping Memory from Metasploit: Metasploitable/Dumping Memory
Metasploitable Fuzzing: (Have not done much work on fuzzing Metasploitable...)
Category:Security · Category:Metasploit · Category:Metasploitable · Category:Kali
|
|
Metasploitablue: The Blue Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the BLUE TEAM's methods for defending Metasploitable: defending against and responding to intrusions.
Hence the name, Metasploita-blue. Overview: Metasploitable/Defenses Metasploitable/Defenses/Stopping · Metasploitable/Defenses/Detecting
Metasploitable On-Machine Defenses: Linux Volatile Data System Investigation: Metasploitable/Volatile Data Investigation Linux Artifact Investigation: Metasploitable/Artifact Investigation Linux Iptables Essentials: Metasploitable/Iptables Firewall Assurance and Testing: Metasploitable/Firewall Password Assessment: Metasploitable/Password Assessment Standard Unix Ports: Unix/Ports
Netcat and Cryptcat (Blue Team): Metasploitable/Netcat and Metasploitable/Cryptcat Nmap (Blue Team): Metasploitable/Nmap Network Traffic Analysis: Metasploitable/Network Traffic Analysis Suspicious Traffic Patterns: Metasploitable/Suspicious Traffic Patterns Snort IDS: Metasploitable/Snort
|