Jump to content
Wubi

Using Metasploit To Create A WAR Backdoor

By Wubi, in Tutoriale in engleza

Recommended Posts

Wubi Newbie

Wubi

Posted
Posted

If we have performed a penetration test against an Apache Tomcat server and we have managed to gain access then we might want to consider to place a web backdoor in order to maintain our access.Apache Tomcat accepts .WAR file types so our backdoor must have this file extension.In case that we don’t have a WAR backdoor already in our disposal we can use Metasploit to create one very fast.

The first thing that we have to do is to create the WAR file.That WAR file will carry a common metasploit payload that will connect back to us once it is executed.Our Apache Tomcat is on a Linux host so for this example we will use a linux payload.

11.png?w=645&h=102

The LHOST of course is our local IP address and we have used the name pentestlab for the war file.Once we execute this command the metasploit will insert the payload on a .jsp file and it will save it as pentestlab.war.However the metasploit will use a random name for the .jsp backdoor so we need to know before we upload it the name.A quick method is to extract the pentestlab.war file in order to see the exact file name of the .jsp backdoor.

52.png?w=645

The next step is to go to Apache Tomcat Manager and to upload it.

22.png?w=645&h=235

Now that the backdoor has been uploaded we need to use the netcat utility and to put it on the listen mode.So we need to execute the following command: nc -l -v -p 4444 which it will listen for any incoming connection on port 4444.The backdoor that the metasploit has created by default it will use the 4444 for connections so everything now it is ready.We access the backdoor from our web browser which in this example will be in the following url:

http://172.16.212.133:8180/pentestlab/urgnthejgn.jsp

and we have a reverse shell connection with the web server.

61.png?w=645

Conclusion

As we saw we can use the Metasploit Framework in order to create fast a simple backdoor for our target.This can help us in a situation where we want to maintain a connection with the server and we don’t have already a WAR backdoor for deployment in our files.

Sursa Penetration Testing Lab

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...