Web
Nmap discovered a web server on the target port 8080
The running service is Apache Tomcat/Coyote JSP engine 1.1
Webroot
It’s the default installation page for Apache Tomcat
I can see the version information; Apache Tomcat 7.0.88
Manager role
When it comes to Apache Tomcat, gaining a foothold is usually through uploading and deploying a WAR file to get code execution This requires authentication and the credential must have a form of manager role; either manager-gui or manager-script
Credentials as well as roles are defined in the $CATALINA_HOME/conf/tomcat-users.xml file
Heading over to /manager/html, indeed prompts me for the basic HTTP authentication
Authentication
trying the default credential; tomcat:s3cret
surprisingly, i was able to authenticate with the default credential; tomcat:s3cret
Now that I have a credential with a manager role, I can move on to the Exploitation phase.