AJP
Nmap discovered a AJP endpoint on the target port 8009
The running service is Apache Jserv (Protocol v1.3)
The Apache JServ Protocol (AJP) is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server. AJP is a highly trusted protocol and should never be exposed to untrusted clients, which could use it to gain access to sensitive information or execute code on the application server.
┌──(kali㉿kali)-[~/archive/thm/thompson]
└─$ nmap -sV --script ajp-auth,ajp-headers,ajp-methods,ajp-request -n -p 8009 $IP
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-07-12 11:47 CEST
Nmap scan report for 10.10.254.199
Host is up (0.028s latency).
PORT STATE SERVICE VERSION
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
| ajp-headers:
|_ Content-Type: text/html;charset=UTF-8
| ajp-request:
| AJP/1.3 200 200
| Content-Type: text/html;charset=UTF-8
|
| e</a></li>
| <li><a href="http://tomcat.apache.org/taglibs/">Taglibs</a></li>
| <li><a href="/docs/deployer-howto.html">Deployer</a></li>
| </ul>
| </div>
| </div>
| <div class="col20">
| <div class="container">
| <h4>Other Documentation</h4>
| <ul>
| <li><a href="http://tomcat.apache.org/connectors-doc/">Tomcat Connectors</a></li>
| <li><a href="http://tomcat.apache.org/connectors-doc/">mod_jk Documentation</a></li>
| <li><a href="http://tomcat.apache.org/native-doc/">Tomcat Native</a></li>
| <li><a href="/docs/deployer-howto.html">Deployer</a></li>
| </ul>
| </div>
| </div>
| <div class="col20">
| <div class="container">
| <h4>Get Involved</h4>
| <ul>
| <li><a href="http://tomcat.apache.org/getinvolved.html">Overview</a></li>
| <li><a href="http://tomcat.apache.org/svn.html">SVN Repositories</a></li>
| <li><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></li>
| <li><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></li>
| </ul>
| </div>
| </div>
| <div class="col20">
| <div class="container">
| <h4>Miscellaneous</h4>
| <ul>
| <li><a href="http://tomcat.apache.org/contact.html">Contact</a></li>
| <li><a href="http://tomcat.apache.org/legal.html">Legal</a></li>
| <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
| <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
| </ul>
| </div>
| </div>
| <div class="col20">
| <div class="container">
| <h4>Apache Software Foundation</h4>
| <ul>
| <li><a href="http://tomcat.apache.org/whoweare.html">Who We Are</a></li>
| <li><a href="http://tomcat.apache.org/heritage.html">Heritage</a></li>
| <li><a href="http://www.apache.org">Apache Home</a></li>
| <li><a href="http://tomcat.apache.org/resources.html">Resources</a></li>
| </ul>
| </div>
| </div>
| <br class="separator" />
| </div>
| <p class="copyright">Copyright ©1999-2024 Apache Software Foundation. All Rights Reserved</p>
| </div>
| </body>
|
|_</html>
|_ajp-methods: Failed to get a valid response for the OPTION request
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.15 secondsPerforming an additional Nmap scan doesn’t reveal any notable information