Description
This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a POST request against the /manager/html/upload component.
NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/multi/http/tomcat_mgr_uploadmsf undefined(tomcat_mgr_upload) > show actions ...actions...msf undefined(tomcat_mgr_upload) > set ACTION < action-name >msf undefined(tomcat_mgr_upload) > show options ...show and set options...msf undefined(tomcat_mgr_upload) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub