Penetration Testing Lab Setup: Tomcat

In this article, we will learn how to install Apache Tomcat on a Linux machine. We will also learn how to gain control over our victim’s PC by exploiting Apache Tomcat.

Requirements:

Server/Victim Machine: Ubuntu 18.04

Pentesting Machine: Kali Linux

Table of Content

Introduction of Apache Tomcat

Installation of Apache Tomcat

  • Install Apache
  • Install Java JDK
  • Download tomcat manager
  • Tomcat manager configuration
  • Create a tomcat user and group
  • Assign permission
  • Create a systemd Service File
  • Update firewall to allow tomcat
  • Configure Tomcat Web Management Interface
  • Access the Web Interface

Exploiting Apache Tomcat

Introduction of Apache Tomcat

Apache Tomcat, also known as Tomcat Server, is a Java-based HTTP web server. It implements Java EE specifications like Java Servlet, JavaServer Pages (JSP), Java EL, and WebSocket. It is open-source software made by developers at the Apache Software Foundation. Apache Tomcat was released as early as 1999. That makes Apache Tomcat 20 years old at the time of publication of this article.

In its simplest configuration, Apache Tomcat runs in a single operating system process. This process is commonly known as the Java virtual machine (JVM). This makes Apache Tomcat platform-independent as well as secure compared to others.

Installation of Apache Tomcat

Let’s start with the Apache Tomcat installation, but before that, run the command below.

Apache Tomcat needs Java to be installed so that the Java application code can be executed on the server. To make this possible, install the Java Development Kit.

Create User and Group

To run Tomcat as an unprivileged user, create a group and a new user named tomcat. We have created the user in /opt because we are going to install Tomcat in that directory. We don’t need the tomcat user to use the shell, so we will use the -s parameter to set the /bin/false shell. By doing this, login is disabled for the tomcat user.

Download Tomcat Manager

Now, we are going to download the Apache Tomcat package from here. After downloading, extract the package inside the /opt directory and move forward.

Assign Permissions

Now we are going to use the chgrp command to give the ownership of the tomcat directory to the tomcat group.

To allow the tomcat group user to perform read and execute operations, change the permissions on the conf directory as given below.

Also give ownership to the tomcat group user for directories like webapps/, work/, temp/ and logs/.

We want Apache Tomcat to be run as a service and for that, we will have to set up a system service. To do this, we are going to require the location of the Java Installation. For this, we will be running the command given below.

Create a systemd Service File

To create a system service file, open the tomcat.service file in the /etc/systemd/system directory using the nano editor.

Now append the following content and modify the JAVA_HOME as shown below 

Now save this file. This will make Tomcat a service.

Reload the systemd daemon to register our newly created tomcat service. If everything is done correctly, we will be able to start, stop and see the status of Apache Tomcat as a service.

Update Firewall to Allow Tomcat

It’s time to allow Tomcat through our firewall, since Ubuntu has ufw installed and set up by default. Apache Tomcat generally uses port 8080 to receive requests from users.

Execute the command below so that Tomcat starts automatically whenever the machine boots up.

Configure Tomcat Web Management Interface

At this stage, if you browse to the server IP on port 8080, you will be greeted with an Apache Tomcat page. But if you click on the links to the Manager App, you will get Access Denied. This means that you haven’t yet set up the Tomcat Web Manager Interface. So, let’s do that and complete the Apache Tomcat setup.

Open the file using the nano editor and make the following changes as shown in the image given below.

You can change the username and password as per your choice. We will save and close the editor after making appropriate changes.

By default, Apache Tomcat restricts access to the Manager and Host Manager apps to connections coming from the server itself. As we are installing Tomcat on a remote machine, we will probably want to alter this restriction. To change the restrictions, we will edit the context.xml files of these apps.

Inside, comment out the IP address restriction to allow connections from anywhere. Alternatively, if you would like to allow access only to connections coming from your own IP address.

We do the same thing with the host-manager file, to allow access to Host Manager too.

After saving the changes, restart the tomcat service.
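To confirm which state a given context.xml is in after this edit, the following added example (not part of the original article) strips XML comments and reports whether a RemoteAddrValve is still active. Both sample files are constructed, and 192.0.2.10 is a placeholder for a lab admin host.

```shell
#!/bin/sh
# Added example: is the RemoteAddrValve in a manager context.xml still active?
# Reads the XML on stdin, ignores anything inside <!-- ... --> comments, and
# prints "restricted:<allow regex>" or "open" (no active valve, any client IP).
valve_status() {
    allow=$(tr '\n' ' ' |
        sed 's/<!--/\
<!--/g; s/-->/-->\
/g' |
        grep -v '^<!--' |
        grep -o '<Valve[^>]*RemoteAddrValve[^>]*>' |
        sed -n 's/.*allow="\([^"]*\)".*/\1/p' | head -n 1)
    if [ -n "$allow" ]; then printf 'restricted:%s\n' "$allow"
    else printf 'open\n'; fi
}

# Constructed sample: valve commented out, as the step above describes.
sample_open() { cat <<'EOF'
<Context antiResourceLocking="false" privileged="true">
  <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->
</Context>
EOF
}

# Constructed sample: loopback plus one lab admin host (placeholder address).
sample_restricted() { cat <<'EOF'
<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|192\.0\.2\.10" />
</Context>
EOF
}

echo "commented out: $(sample_open | valve_status)"
echo "restricted:    $(sample_restricted | valve_status)"
```

On a real host, feed the function the manager and host-manager context.xml files from your own Tomcat directory.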

Access the Web Interface

We get to the interface by entering the server’s domain name or IP address followed by port 8080 in our browser. Now we will try to see if the Manager and Host Manager interfaces are working. Click the buttons highlighted in the image.

The login authentication page will pop up as expected, and we enter the credentials that we created earlier.

Upon verification of the credentials, Apache Tomcat lands us on the Tomcat Virtual Host Manager Interface. From this page, you can add virtual hosts to serve your applications. This concludes our Apache Tomcat setup.

Exploiting Apache Tomcat

Now that we have successfully installed the Apache Tomcat framework, let’s do its penetration testing. We are going to use Metasploit to exploit Apache Tomcat.

This module can be used to execute a payload on Apache Tomcat servers that have an exposed “manager” application. The payload is uploaded as a WAR archive containing a JSP application using a POST request against the /manager/html/upload component. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads.

As a result, you can observe that we have the meterpreter session of the target machine.

Learn multiple ways to exploit tomcat manager from here.
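From the defender's side, the upload described above is visible in Tomcat's access log. The following added example (not from the original article) flags POST requests to /manager/html/upload and repeated authentication failures on the manager paths; the log lines are constructed in the common log format, and the addresses, the user name and the threshold of 3 are assumptions.

```shell
#!/bin/sh
# Added example: flag Tomcat Manager abuse in an access log read from stdin.
# Assumed line format (common log format):
#   host ident user [time zone] "METHOD path PROTO" status bytes
# Output: UPLOAD <ip> <user> <status>  for every POST to /manager/html/upload
#         AUTHFAIL <ip> <count>        for clients with >= limit HTTP 401s
scan_manager_log() {
    awk -v limit="${1:-3}" '
        {
            method = $6; sub(/^"/, "", method)   # strip the opening quote
            path = $7;   sub(/\?.*/, "", path)   # drop the query string
            status = $9
        }
        method == "POST" && path == "/manager/html/upload" {
            print "UPLOAD", $1, $3, status
        }
        path ~ /^\/manager\// && status == 401 { fails[$1]++ }
        END {
            for (ip in fails)
                if (fails[ip] >= limit) print "AUTHFAIL", ip, fails[ip]
        }'
}

# Constructed sample log: three failed logins, then a login and a WAR upload.
sample_log() { cat <<'EOF'
192.0.2.50 - - [12/Nov/2019:10:01:02 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.50 - - [12/Nov/2019:10:01:03 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.50 - - [12/Nov/2019:10:01:04 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.50 - admin [12/Nov/2019:10:01:09 +0000] "GET /manager/html HTTP/1.1" 200 17912
192.0.2.50 - admin [12/Nov/2019:10:01:10 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=PLACEHOLDER HTTP/1.1" 200 19034
127.0.0.1 - - [12/Nov/2019:10:05:00 +0000] "GET /docs/ HTTP/1.1" 200 1204
EOF
}

sample_log | scan_manager_log
```

A successful upload from any address other than the lab administrator's is the line to alert on; the 401 count only adds context about how the credentials were obtained.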

Author: Ahmad is a Technical Writer, Researcher and Penetration Tester.

Web Server Lab Setup for Penetration Testing

In this post, we will discuss how to set up our own web server for penetration testing on Ubuntu 18. Ubuntu 18 has been updated with new features.

Table of Content

Requirement

Web Server configuration

  • Apache
  • PHP
  • MySQL
  • phpMyAdmin
  • FTP
  • SSH
  • Nmap

Requirement: Ubuntu 18.0

Web Server Configuration

A web server is a program that uses HTTP to serve users with the files that form web pages, in response to requests transmitted by their HTTP clients.

The term web server can also refer to dedicated computers and apparatuses.

Install Apache

First, we will install Apache. Apache is the most commonly used web server on Linux systems. Web servers are used to serve web pages requested by client computers. So, let’s first install Apache on Ubuntu with the following command:

We have successfully installed apache2; by default, Apache runs on port 80.

Install PHP

Now we will install the PHP 7 module for Apache 2 along with all of its dependencies. Earlier, we used to install the PHP 5 module on Ubuntu 14, but it is not compatible with Ubuntu 18, so we will install the latest version of PHP, which is php7.2. For this, run the following command in the Ubuntu terminal:

As you can see, we are done with the PHP installation.

Install MySQL Server

Now comes the next step, which is the installation of the MySQL server. MySQL is a famous open-source database which used to be very easy to install. But now it requires some changes for Ubuntu 18.

So, let’s go ahead step by step.

First, we will install the MySQL server with the following command:

So, we are done with the installation. In Ubuntu 14, MySQL did not need a password, as it only required the root user to be logged in. But now it needs a password and it won’t allow the root user to log in, so we will provide the username and password of Ubuntu to MySQL with the following command; when it asks for the password, use your Ubuntu password. After logging in, grant all the privileges to the Ubuntu user. In our case, we have given all the privileges to user raj, identified by the Ubuntu password, which is 123 in our case. After that, we will reset all the previous privileges so that the service can start with the new changes. For this, the commands are the following.

Great, we are done with the MySQL server installation. By default, it runs on port 3306. Now restart the MySQL service.

Install phpMyAdmin

The next step is the installation of phpMyAdmin, a software tool written in PHP that is intended to handle the administration of MySQL over the web. It supports a wide range of operations on MySQL. First, we need to install phpMyAdmin with the following command:

After the installation, it will ask you to choose the web server. Here you need to choose apache2, which will automatically be configured to run phpMyAdmin.

Next, you will get a prompt to configure a database for phpMyAdmin with dbconfig-common. Here you need to click on yes and then press Enter.

Again, you will get a prompt which will ask you to submit the password for phpMyAdmin, to register with the database server. Here we have given 123 as the password, as it is essential to give it a password now.

The next step is the configuration of phpMyAdmin under Apache. For this, we need to edit the apache2 conf file by adding two lines at the end of this file:

Add them at the end, as shown in the image below, then save the file and restart the apache2 service.

Now open phpMyAdmin in the browser at localhost/phpmyadmin, as shown in the image below:

Install ftp

Now we will install an FTP server on Ubuntu, which is used for the transfer of computer files between a client and a server on a computer network. For this, run the following command in the terminal:

As we can see in the above screenshot, the FTP service has been installed on our system and runs on port 21.

Install ssh

Next is the SSH protocol, which is a method for secure remote login from one computer to another. So let’s install this service with the following command. It is installed successfully; by default, it runs on port 22.

Install Nmap

Now, in order to check that the above services have been installed properly on our system, we will use nmap, a port scanner which tells us about the open ports and the status of running services.

So, let’s install it with the following command:

Once the installation is done, we will scan our own system with the following command, and it will come up with the desired results, as you can see in the image given below:

Author: Geet Madan is a Certified Ethical Hacker, Researcher and Technical Writer at Hacking Articles on Information Security.

Penetration Testing Lab Setup: Memcached

In this article, we are going to learn how to set up a Memcached pen-testing lab in Ubuntu 18.04. A Memcached server is used by corporations to increase the speed of their network, as it helps to store frequently used data. This helps to take the load off the hardware and decrease the time taken.

Table of Contents

  • Introduction to Memcached.
  • Memcached Installation.
  • Memcached Configuration.

Introduction to Memcached

Memcached is a distributed memory object caching system. It is an open-source tool, available at no cost. It is used to speed up web applications by serving database data from cache memory. It is an in-memory key-value store for small chunks of arbitrary data (strings, objects) that result from database calls, API calls, or page rendering. Memcached is simple yet powerful: its design promotes quick deployment and ease of development, and it solves many problems facing large data caches. Its API is available for most popular languages.

Memcached Installation

To install, boot up your Ubuntu machine and open the terminal.

Note: Apache2 should be installed before installing Memcached. You can easily install Apache2 by just typing in a simple command.

Now that we are all done, let’s set up Memcached by typing the commands shown below.

After installing Memcached, add the ppa:ondrej/php PPA to your Ubuntu system’s repositories to download and install the latest version of PHP available. Follow the commands as shown below.

After adding the repository, update the system by typing in the following command.

Now, install PHP by executing the command shown below:

Now that PHP has been installed successfully in our system, we will go ahead and install the PHP Memcached module by executing the below command:

Once the installation is complete, restart the Apache2 service.

Now check whether the PHP extension is working fine or not by creating an info.php by using the code mentioned below with nano or any text editor you like.

Now save the file in /var/www/html

Once the file is saved, access it from your web browser by typing in the following URL.

You should see the results as shown in the image below.

Memcached Configuration

Now we are going to configure the Memcached server. To do so, we have to edit its configuration file, which you will find at /etc/memcached.conf. Open the memcached.conf file using nano or any other text editor. The options shown below are present and active by default. They are mentioned here so that you know where to find them, along with why and how to change them if necessary. The following options are important for low-level Memcached server configuration:

-m 64

Here,

m: specifies the maximum memory limit which is used by the Memcached daemon. By default, this limit is 64 MB.

-p 11211

Here,

p: specifies the port number. By default, it’s 11211.

-u memcache

Here,

u: specifies the user the daemon runs as when it is started as root; here, memcache.

After this, comment out the line “-l 127.0.0.1” by simply adding # in front of it, as shown in the image; it is not commented out by default. With the line commented out, the Memcached listener is no longer bound to the loopback IP. Hence, traffic can come from any IP over the internet.

Once you have saved the configuration file after making the changes, restart the service by using the following command:

Then use the following command to confirm whether the Memcached configuration is working or not:

Once you are done with the above commands, connect Memcached through telnet and do a version check by typing in “version” command:

Now, you can use nmap to check if the Memcached service is running on the server.
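To see at a glance what the edited memcached.conf exposes, the following added example (not part of the original article) reads the file and reports the effective listener settings. Both sample files are constructed from the options listed above, and the function assumes one address per -l line.

```shell
#!/bin/sh
# Added example: summarise the listener settings of a memcached.conf (stdin).
# Prints "listen=<addr> port=<port> user=<user> exposure=<loopback|network>".
memcached_exposure() {
    awk '
        /^[[:space:]]*#/ { next }      # commented-out option is inactive
        $1 == "-l" { listen = $2 }
        $1 == "-p" { port = $2 }
        $1 == "-u" { user = $2 }
        END {
            if (listen == "") listen = "ALL"   # no -l: every interface
            if (port == "")   port = 11211     # default port from the article
            if (user == "")   user = "unset"
            exposure = "network"
            if (listen == "127.0.0.1" || listen == "::1" || listen == "localhost")
                exposure = "loopback"
            printf "listen=%s port=%s user=%s exposure=%s\n",
                   listen, port, user, exposure
        }'
}

# Constructed sample: the default options with the loopback bind active.
sample_default() { cat <<'EOF'
# memcached default config file
-m 64
-p 11211
-u memcache
-l 127.0.0.1
EOF
}

# Constructed sample: the same file after the -l line has been commented out.
sample_lab() { cat <<'EOF'
# memcached default config file
-m 64
-p 11211
-u memcache
# -l 127.0.0.1
EOF
}

echo "default: $(sample_default | memcached_exposure)"
echo "lab:     $(sample_lab | memcached_exposure)"
```

Run it as `memcached_exposure < /etc/memcached.conf`; an exposure of "network" means the cache is reachable from other hosts and should be limited to the lab network by the firewall.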

Conclusion

To conclude, we can say that Memcached is a distributed memory caching system. It uses expiration timeouts i.e. if the server has no memory left, it will evict items to replace them with the new ones. The items it chooses to replace are the ones which have not been requested for a long period of time. And so, in the above article, we have provided a basic guide to set up the Memcached penetration testing lab.

Author: Benoy Naskar is a Certified Ethical Hacker, Researcher and Technical Writer at Hacking Articles on Information Security.