Metasploitable/Apache/Tomcat and Coyote: Difference between revisions

From charlesreid1

No edit summary
No edit summary
Line 6: Line 6:
10.0.0.27  8180  tcp    http        open  Apache Tomcat/Coyote JSP engine 1.1
10.0.0.27  8180  tcp    http        open  Apache Tomcat/Coyote JSP engine 1.1
</pre>
</pre>
JSP stands for JavaServer Pages. All this means is, web pages accessed through port 8180 will be assembled by a Java web application.
==What is tomcat==
Apache Tomcat provides software to run Java applets in the browser. The nmap scan didn't return the version, so that's probably the first thing we'll want to figure out.
==What is coyote==
Coyote is a stand-alone web server that provides servlets to Tomcat applets. That is, it functions like the Apache web server, but for JavaServer Pages (JSP).
From the description of Coyote on the Tomcat page [https://tomcat.apache.org/tomcat-4.1-doc/config/coyote.html], it sounds like this server will be as susceptible to denial of service attacks as the Apache web server was.




Revision as of 23:46, 29 March 2016

Service

Just a reminder of what the nmap scan returned about Apache Tomcat and Coyote: 

10.0.0.27  8180  tcp    http         open   Apache Tomcat/Coyote JSP engine 1.1

JSP stands for JavaServer Pages. All this means is, web pages accessed through port 8180 will be assembled by a Java web application.

What is tomcat

Apache Tomcat provides software to run Java applets in the browser. The nmap scan didn't return the version, so that's probably the first thing we'll want to figure out.

What is coyote

Coyote is a stand-alone web server that provides servlets to Tomcat applets. That is, it functions like the Apache web server, but for JavaServer Pages (JSP).

From the description of Coyote on the Tomcat page [1], it sounds like this server will be as susceptible to denial of service attacks as the Apache web server was.


Flags


Defcon.png
Metasploit
any and all resources related to metasploit on this wiki


MSF - on the metasploit framework generally

Category:Metasploit - pages labeled with the "Metasploit" category label

MSF/Wordlists - wordlists that come bundled with Metasploit

MSFVenom - msfvenom is used to craft payloads

Meterpreter - the shell you'll have when you use MSF to craft a remote shell payload.


Category:Security  · Category:Metasploit  · Category:Kali


Flags  · Template:MetasploitFlag  · e





Defcon.png
Metasploitable: The Red Team
Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the RED TEAM's tools and routes of attack.


Metasploitable Databases:

Exploiting MySQL with Metasploit: Metasploitable/MySQL

Exploiting PostgreSQL with Metasploit: Metasploitable/Postgres


Metasploitable Networking:

Exploiting VSFTP Backdoor: Metasploitable/VSFTP

SSH Penetration by Brute Force: Metasploitable/SSH/Brute Force

SSH Penetration with Keys: Metasploitable/SSH/Keys

SSH Penetration with Metasploit: Metasploitable/SSH/Exploits

Brute-Forcing /etc/shadow File: Metasploitable/John Shadow File

Exploiting NFS: Metasploitable/NFS

Exploiting DNS Bind Server: Metasploitable/DNS Bind


Metasploitable Services:

distcc: Metasploitable/distcc


Metasploitable Apache:

Exploiting Apache (with Metasploit): Metasploitable/Apache

Exploiting Apache (with Python): Metasploitable/Apache/Python

Tor's Hammer DoS Attack: Metasploitable/TorsHammer *

Apache DAV: Metasploitable/Apache/DAV *

Apache Tomcat and Coyote: Metasploitable/Apache/Tomcat and Coyote


Metasploitable Memory:

General approach to memory-based attacks: Metasploitable/Memory

Investigating memory data: Metasploitable/Volatile Data Investigation

Dumping Memory from Metasploit: Metasploitable/Dumping Memory


Metasploitable Fuzzing:

(Have not done much work on fuzzing Metasploitable...)

Fuzzing  · American Fuzzy Lop


Category:Security  · Category:Metasploit  · Category:Metasploitable  · Category:Kali


Flags  · Template:MetasploitableRedTeamFlag  · e




Defcon.png
Metasploitablue: The Blue Team
Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the BLUE TEAM's methods for defending Metasploitable: defending against and responding to intrusions.

Hence the name, Metasploita-blue.

Overview: Metasploitable/Defenses

Metasploitable/Defenses/Stopping  · Metasploitable/Defenses/Detecting


Metasploitable On-Machine Defenses:

Linux Volatile Data System Investigation: Metasploitable/Volatile Data Investigation

Linux Artifact Investigation: Metasploitable/Artifact Investigation

Linux Iptables Essentials: Metasploitable/Iptables

Firewall Assurance and Testing: Metasploitable/Firewall

Password Assessment: Metasploitable/Password Assessment

Standard Unix Ports: Unix/Ports


Metasploitable Networking Defenses:

Netcat and Cryptcat (Blue Team): Metasploitable/Netcat and Metasploitable/Cryptcat

Nmap (Blue Team): Metasploitable/Nmap

Network Traffic Analysis: Metasploitable/Network Traffic Analysis

Suspicious Traffic Patterns: Metasploitable/Suspicious Traffic Patterns

Snort IDS: Metasploitable/Snort


Category:Security  · Category:Metasploit  · Category:Metasploitable  · Category:Kali


Flags  · Template:MetasploitableBlueTeamFlag  · e



Retrieved from "https://charlesreid1.com/w/index.php?title=Metasploitable/Apache/Tomcat_and_Coyote&oldid=10095"