AJP

Apache JServ Protocol.

Apache JServ Protocol (AJP) is a binary network protocol used for communication between a web server and a web application or app server. Because it is binary, a browser or curl cannot speak it directly, so we configure our own Nginx or Apache web server with an AJP module to proxy requests to it. If the target server is misconfigured and leaves its AJP port open, this gives access to the underlying application, including administrative panels, applications, and web sites that would otherwise be inaccessible.

AJP proxy port: 8009/TCP

Nginx Reverse Proxy Setting with ajp_module

Use Nginx with ajp_module to access the “hidden” Tomcat Manager.

Download the source code of Nginx

wget https://nginx.org/download/nginx-1.21.3.tar.gz
tar -xzvf nginx-1.21.3.tar.gz

Download the required module

git clone https://github.com/dvershinin/nginx_ajp_module.git

Compile Nginx source code with ajp_module extension

cd nginx-1.21.3
sudo apt install libpcre3-dev
./configure --add-module=`pwd`/../nginx_ajp_module --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
make
sudo make install
nginx -V

Create a configuration that points to the AJP port

# In /etc/nginx/conf/nginx.conf, replace the default server { ... } block inside http { ... } with:

upstream tomcats {
	server <TARGET_SERVER>:8009;
	keepalive 10;
}
server {
	listen 80;
	location / {
		ajp_keep_conn on;
		ajp_pass tomcats;
	}
}

Start Nginx and send a request (it should reach Tomcat)

sudo nginx
curl http://127.0.0.1:80

Stop Nginx

sudo nginx -s stop

Apache Reverse Proxy Setting with AJP Module

If you want to change the port Apache listens on, edit /etc/apache2/ports.conf.

Install the package libapache2-mod-jk

sudo apt install libapache2-mod-jk

Enable the module

sudo a2enmod proxy_ajp
sudo a2enmod proxy_http

Create a configuration file that points to the target AJP proxy port

export TARGET="<TARGET_IP>"
echo -n """<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / ajp://$TARGET:8009/
ProxyPassReverse / ajp://$TARGET:8009/""" | sudo tee /etc/apache2/sites-available/ajp-proxy.conf
sudo ln -s /etc/apache2/sites-available/ajp-proxy.conf /etc/apache2/sites-enabled/ajp-proxy.conf

Start Apache and send a request (it should connect)

sudo systemctl start apache2
curl http://127.0.0.1:80

Stop Apache

sudo systemctl stop apache2
