Author Topic: Hacking Apache Tomcat question  (Read 5365 times)


Offline _SpyMachine

Hacking Apache Tomcat question
« on: August 03, 2012, 11:46:40 pm »
So I'll preface this stating that I'm quite a n00b at this, so I apologize in advance for a potentially stupid question.

Anyway, I have an IP address and ran nmap and found that it is running Apache Tomcat/Coyote JSP Engine 1.1 on one of its ports. However, I'm under the impression that if I put the IP address and the port Tomcat is running on in my browser (i.e. x.x.x.x:x) I should see the Apache Tomcat page and configurations. At least this is what happens in tutorials of people using Metasploitable. However, I have found no such page and it just downloads some bin file to my computer (which is kinda sketchy to begin with, but I know the host isn't malicious). I've also had no luck exploiting Apache Tomcat with Metasploit, so I'm under the impression that these two problems are related.

Could it have something to do with the fact that the server is under a firewall? The port is open, but I don't know if this could still affect this somehow.

Thanks!
"And it's so sad to see the world agree
That they'd rather see their faces fill with flies
All when I'd want to keep white roses in their eyes"

Offline ande

Re: Hacking Apache Tomcat question
« Reply #1 on: August 04, 2012, 07:04:41 pm »
What is Metasploitable?

Also, this totally depends on the server admins. You can easily config your server so that it never shows any config or otherwise info-revealing pages. Look at EZ's IPs. We just have an index, you won't find any index.php with server info or whatever here.

What you could look at is the HTTP headers. I am not sure what the problem here is, do you want to verify that it is actually an Apache Tomcat or does your exploit(s) require such a config page or? Not sure what the problem here is. If Metasploit can't exploit, they are probably running a patched or updated version.

Also, bin files? Executables or .bin files? Probably just some random config/settings/info files.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline _SpyMachine

Re: Hacking Apache Tomcat question
« Reply #2 on: August 09, 2012, 01:05:22 am »
Thanks Ande, sorry I was away so I didn't respond.

With zero research, my understanding is Metasploitable is basically a virtual machine I think that is vulnerable to a bunch of exploits using Metasploit. It's basically for teaching the framework.

I see what you're saying about the admin not revealing the admin page. The exploit that I'm using does a simple dictionary attack on the login page. So I guess it could be blocked if I don't have access to that page. I tried a few other exploits, nothing seemed to get through though. Could be right, a fully patched system.

Offline ande

Re: Hacking Apache Tomcat question
« Reply #3 on: September 14, 2012, 02:41:20 am »
Sorry for late reply.

Metasploitable actually is something! XD

I thought it was just a typo lol. You could consider posting Metasploitable in the tools section, someone might find it useful.

Offline lsquared

Re: Hacking Apache Tomcat question
« Reply #4 on: September 14, 2012, 06:14:34 am »
Metasploitable is definitely open to multiple exploits from Metasploit.. trust me ;)

I put up an ebook in the ebook section called Metasploit: The Penetration Tester's Guide which could be of some help to you for learning Metasploit better. Also securitytube.net has about 20 videos of a "Metasploit Megaprimer" which is also helpful and is almost like classroom learning.

Also, when you're first beginning, try using a tool called Nessus. It's a vulnerability scanner which will scan specified systems for vulnerable services running. Obviously not incredibly stealthy but you're not hacking the Gibson. Google that and install the home version which is free to use.

Hope this helps!

P.S. I'm gonna throw a link in a different post to many deliberately vulnerable VMs for those that are into that kind of thing.
« Last Edit: September 14, 2012, 06:18:02 am by lsquared »