Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

Tomcat 8 Manager 用户认证枚举 (弱口令爆破)

wpadmin~September 10, 2019 /InfoSec

Tomcat 8 Manager 用户认证凭据枚举

<!–more–>

HTTP 交互分析

采用 HTTP Basic Auth

认证请求

GET /manager/html HTTP/1.1
Host: 192.168.198.133:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Authorization: Basic dG9tY2F0OnRvbWNhdA==

认证成功的 HTTP 响应头

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Set-Cookie: JSESSIONID=1CA160B50A85CD4F22555D92B051B7C9; Path=/manager; HttpOnly
Content-Type: text/html;charset=utf-8
Date: Tue, 10 Sep 2019 04:02:30 GMT
Content-Length: 17665

认证失败的 HTTP 响应头

HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 UTC
WWW-Authenticate: Basic realm=&quot;Tomcat Manager Application&quot;
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 2473
Date: Tue, 10 Sep 2019 04:02:52 GMT

注意,如果管理员删除相关目录,还有可能出现 404 的响应状态码。

Leave a Reply

Your email address will not be published. Required fields are marked *