In the previous chapter, we learned about performing a penetration test on the JBoss Application Server (JBoss AS). Let's now look at another technological platform, known as Apache Tomcat. The Apache Tomcat software was developed in an open and participatory environment and released under Apache License version 2. Apache Tomcat is a Java servlet container that implements multiple core enterprise features, including Java servlets, Java Server Pages (JSP), Java WebSocket, and Java Persistence APIs (JPA). Many organizations have in-house, Java-based applications that are deployed on Apache Tomcat. Vulnerable Apache Tomcat software is a goldmine for threat actors, given that a plethora of payment gateways, core banking applications, and Customer Relationship Management (CRM) platforms, among many other things, run on Apache Tomcat.
In this chapter, we will cover the following topics:
- Introduction to Tomcat
-
The Apache Tomcat architecture
-
Files and their directory structures
-
Detecting Tomcat installations
-
Version detection
-
Performing exploitation on Tomcat
-
An introduction to Apache struts
-
An introduction to OGNL
-
OGNL expression injection