Tomcat

# BurpSuite
访问`http://host:port/manager/html`

![image](https://user-images.githubusercontent.com/48520137/70121513-b464a400-16a9-11ea-918d-df9b87ace362.png)

Burp抓包进行暴力破解

![image](https://user-images.githubusercontent.com/48520137/70121661-03123e00-16aa-11ea-803b-613fb08def9e.png)

查看请求包，发现将输入的账号、密码重新编码为Base64密文：`用户名:密码 > admin:admin > YWRtaW46YWRtaW4=`
```
GET /manager/html HTTP/1.1
Host: 192.168.100.17:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://192.168.100.17:8080/
Connection: close
Cookie: JSESSIONID=C415245CC7B4597217A5869528EFB776
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Authorization: Basic YWRtaW46YWRtaW4=
```
![image](https://user-images.githubusercontent.com/48520137/70122522-c1829280-16ab-11ea-8367-3e0c225ea41c.png)

发送至**Intruder**模块，标记暴力破解变量（YWRtaW46YWRtaW4=），选择攻击类型（Sniper）
![image](https://user-images.githubusercontent.com/48520137/70122742-2211cf80-16ac-11ea-8d80-ed0f9e2b4d7b.png)

Payload设置，类型选择`Custom iterator`自定义迭代器，设置三个迭代`payload`分别代表：`用户名` 
`:` `密码`
> 用户名攻击载荷设置

![image](https://user-images.githubusercontent.com/48520137/70123717-35be3580-16ae-11ea-91e3-7cf6577c7835.png)

> `:`攻击载荷设置

![image](https://user-images.githubusercontent.com/48520137/70123865-7fa71b80-16ae-11ea-8ca9-8076e88d3214.png)

> 密码攻击载荷设置

![image](https://user-images.githubusercontent.com/48520137/70123894-8cc40a80-16ae-11ea-91ec-0007ec3ee523.png)

设置编码器（Base64）
![image](https://user-images.githubusercontent.com/48520137/70124068-edebde00-16ae-11ea-9465-1abfd7ccd5c2.png)

取消勾选
![image](https://user-images.githubusercontent.com/48520137/70124321-7cf8f600-16af-11ea-838a-db3ec1ed2251.png)

进行爆破
![image](https://user-images.githubusercontent.com/48520137/70124624-322bae00-16b0-11ea-8069-0956a370842c.png)

# 工具/脚本

![image](https://user-images.githubusercontent.com/48520137/70125872-b41cd680-16b2-11ea-8241-d0196328758d.png)

![image](https://user-images.githubusercontent.com/48520137/70125660-35c03480-16b2-11ea-8560-611849ef457e.png)

# Metasploit

`use auxiliary/scanner/http/tomcat_mgr_login`

![image](https://user-images.githubusercontent.com/48520137/70128085-3c9d7600-16b7-11ea-93ee-4ec7614a839e.png)
![image](https://user-images.githubusercontent.com/48520137/70128103-43c48400-16b7-11ea-9add-dc5472808542.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Tomcat #58

BurpSuite

工具/脚本

Metasploit

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Tomcat #58

Description

BurpSuite

工具/脚本

Metasploit

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions