Pentesting tomcat
Usually found on port 8080.
Default credentials:
| admin:admin
tomcat:tomcat
admin:<NOTHING>
admin:s3cr3t
tomcat:s3cr3t
admin:tomcat
tomcat:tomca
|
Dictionaries:
Directory enumeration
Brute force
| hydra -l tomcat -P /usr/share/wordlists/SecLists-master/Passwords/darkweb2017-top1000.txt -f $ip http-get /manager/html
|