# Lab Setup & Configuration

#### Topics

> 1. [Lab Setup & Configuration](https://dev-angelist.gitbook.io/home/common-services-pentest/web-services-80-443-8080/tomcat/lab-setup-and-configuration)
> 2. [Enumeration](https://dev-angelist.gitbook.io/home/common-services-pentest/web-services-80-443-8080/tomcat/enumeration)
> 3. [Exploitation](https://dev-angelist.gitbook.io/home/common-services-pentest/web-services-80-443-8080/tomcat/exploitation)
> 4. [Mitigation & Hardening](https://dev-angelist.gitbook.io/home/common-services-pentest/web-services-80-443-8080/tomcat/mitigation-and-hardening)

## Installation

Apache Tomcat depends on Java, so the Java JDK must be installed on your server. Use the following command to install it:

```bash
sudo apt install openjdk-21-jdk
```

Create a new user named `tomcat` with the following command:

```bash
sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat
```

Download the Tomcat tar.gz file from the [official website](https://tomcat.apache.org/download-11.cgi).

Download the latest version to the Ubuntu machine and extract the files:

```bash
wget https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.0/bin/apache-tomcat-11.0.0.tar.gz
tar -xvf apache-tomcat-11.0.0.tar.gz
```

Move the extracted folder to the `/opt/tomcat` directory, assign ownership to the `tomcat` user, and set execution permissions for the binary files:

```bash
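# /opt/tomcat belongs to the tomcat user, so these steps need root
sudo mv apache-tomcat-11.0.0/* /opt/tomcat
sudo chown -R tomcat: /opt/tomcat
# sh -c makes the glob expand as root, inside the protected directory
sudo sh -c 'chmod +x /opt/tomcat/bin/*.sh'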
```

Create a `tomcat.service` file in the `/etc/systemd/system/` directory with the following content:

```ini
[Unit]
Description=Apache Tomcat
After=network.target

[Service]
Type=forking
User=tomcat
Group=tomcat
Environment=JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64
Environment=CATALINA_PID=/opt/tomcat/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
ExecReload=/bin/kill $MAINPID
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
```

Reload the systemd daemon to apply the changes:

```bash
sudo systemctl daemon-reload
```

Enable the Tomcat service so that it starts at boot, and start it immediately (`--now`):

```bash
sudo systemctl enable --now tomcat
```

Check the Tomcat server status:

```bash
systemctl status tomcat
```

***

## Configuration

Once installation is complete, configure the Tomcat server.

To set an admin user password, modify the `tomcat-users.xml` file:

```bash
sudo nvim /opt/tomcat/conf/tomcat-users.xml
```

If `neovim` is not installed, install it using:

```bash
sudo apt install neovim
```

Add the following lines before the closing `</tomcat-users>` tag:

```xml
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="password" roles="admin-gui,manager-gui"/>
```

To enable remote access for the Tomcat Manager, edit the `context.xml` file in both the `manager` and `host-manager` directories:

```bash
sudo nvim /opt/tomcat/webapps/manager/META-INF/context.xml
sudo nvim /opt/tomcat/webapps/host-manager/META-INF/context.xml
```

Remove the following line from both files:

```xml
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
```

Restart the Tomcat service:

```bash
sudo systemctl restart tomcat
```

Verify that the Tomcat server is running on port `8080`.
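
To confirm which state a host is in after these steps (or after reverting them), the check below parses `tomcat-users.xml` and the Manager `context.xml` files and reports privileged accounts and missing address filters. It is an added example, not part of the original guide: the function names, the `WEAK` list and the embedded sample XML are constructed, and it also recognises `RemoteCIDRValve` alongside the `RemoteAddrValve` shown above.

```python
import xml.etree.ElementTree as ET

ADMIN_PREFIXES = ("manager-", "admin-")   # Tomcat Manager / Host Manager roles
WEAK = {"password", "admin", "tomcat"}    # constructed sample list, extend as needed
ADDR_VALVES = ("RemoteAddrValve", "RemoteCIDRValve")

def _local(tag):  # strip the XML namespace that the stock tomcat-users.xml declares
    return tag.rsplit("}", 1)[-1]

def privileged_users(users_xml):
    """Return (username, weak_password) for every user holding a manager/admin role."""
    out = []
    for el in ET.fromstring(users_xml).iter():
        roles = [r.strip() for r in el.get("roles", "").split(",")]
        if _local(el.tag) == "user" and any(r.startswith(ADMIN_PREFIXES) for r in roles):
            name, pw = el.get("username", ""), el.get("password", "")
            out.append((name, pw.lower() in WEAK or pw == name))
    return out

def address_filter_active(context_xml):
    """True if an address-filter Valve is present; commented-out valves are ignored."""
    return any(_local(el.tag) == "Valve" and el.get("className", "").endswith(ADDR_VALVES)
               for el in ET.fromstring(context_xml).iter())

def audit(users_xml, contexts):
    """contexts maps an app name (manager, host-manager) to its context.xml text."""
    findings = [f"user '{n}' has a manager/admin role" + (" with a weak password" if weak else "")
                for n, weak in privileged_users(users_xml)]
    findings += [f"{app}: no address filter, reachable from any host"
                 for app, text in contexts.items() if not address_filter_active(text)]
    return findings

# Constructed sample inputs: the lab state from this page, plus a stock context.xml.
LAB_USERS = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="admin-gui"/>
  <role rolename="manager-gui"/>
  <user username="admin" password="password" roles="admin-gui,manager-gui"/>
</tomcat-users>"""
STOCK_CONTEXT = r"""<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>"""
LAB_CONTEXT = """<Context antiResourceLocking="false" privileged="true">
  <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/> -->
</Context>"""

if __name__ == "__main__":
    for line in audit(LAB_USERS, {"manager": LAB_CONTEXT, "host-manager": STOCK_CONTEXT}):
        print("[!]", line)
```

On a real host, pass the contents of `/opt/tomcat/conf/tomcat-users.xml` and the two `META-INF/context.xml` files instead of the sample strings; reading them requires root or the `tomcat` user.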
