search
SecurityVulnerabilityTerminalCode

AJP

Apache JServ Protocol.

Apache JServ Protocolarrow-up-right is a network protocol used for communication between a web server and a web application or app server. Since it is a binary protocol, we need to configure our Nginx or Apache web server with AJP modules to interact with it and access the underlying application in order to discover administrative panels, applications, and Web sites that would otherwise be inaccessible (of course if the victim server is not configured correctly and is open).

AJP proxy ports : 8009 TCP

hashtag
Nginx Reverse Proxy Setting with ajp_module

Use Nginx with ajp_module to access the “hidden” Tomcat Manager.

Download the source code of Nginx

wget https://nginx.org/download/nginx-1.21.3.tar.gz
tar -xzvf nginx-1.21.3.tar.gz

Download the required module

git clone https://github.com/dvershinin/nginx_ajp_module.git

Compile Nginx source code with ajp_module extension

cd nginx-1.21.3
sudo apt install libpcre3-dev
./configure --add-module=`pwd`/../nginx_ajp_module --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
make
sudo make install
nginx -V

Creates a configuration file that pointing to the AJP port

# in /etc/nginx/conf/nginx.conf replace block http{ ... server{ ... with: 

upstream tomcats {
	server <TARGET_SERVER>:8009;
	keepalive 10;
	}
server {
	listen 80;
	location / {
		ajp_keep_conn on;
		ajp_pass tomcats;
	}
}

Starting and sending request (should connect to tomcat)

Close

hashtag
Apache Reverse Proxy Setting with AJP Module

If you want to change the port on which to run Apache, you need to edit in /etc/apache2/ports.conf.

Install the package libapache2-mod-jk

Enable the module

Create a configuration file that pointing to the target AJP-Proxy port

Starting and sending request (should connect)

Close

Last updated