Rapid7 Vulnerability & Exploit Database

Apache Tomcat on Ubuntu Log Init Privilege Escalation




The Tomcat (6, 7, 8) packages provided by the default repositories on Debian-based distributions (including Debian, Ubuntu, etc.) ship a vulnerable tomcat init script. It allows local attackers who have already gained access to the tomcat account (for example, by exploiting an RCE vulnerability in a Java web application hosted on Tomcat, or by uploading a webshell) to escalate their privileges from the tomcat user to root and fully compromise the target system. Tested against Tomcat 8.0.32-1ubuntu1.1 on Ubuntu 16.04.


  • h00die
  • Dawid Golunski <dawid@legalhackers.com>




x86, x64, python


Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/local/tomcat_ubuntu_log_init_priv_esc
msf exploit(tomcat_ubuntu_log_init_priv_esc) > show targets
msf exploit(tomcat_ubuntu_log_init_priv_esc) > set TARGET < target-id >
msf exploit(tomcat_ubuntu_log_init_priv_esc) > show options
    ...show and set options...
msf exploit(tomcat_ubuntu_log_init_priv_esc) > exploit
