Lab Setup & Configuration

Topics

1. Lab Setup & Configuration

2. Enumeration

3. Exploitation

4. Mitigation & Hardening

Installation

Apache Tomcat depends on Java, so the Java JDK must be installed on your server. Use the following command to install it:

sudo apt install openjdk-21-jdk

Create a new user named tomcat with the following command:

sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat

Download the Tomcat tar.gz file from the official website.

Download the latest version to the Ubuntu machine and extract the files:

wget https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.0/bin/apache-tomcat-11.0.0.tar.gz
tar -xvf apache-tomcat-11.0.0.tar.gz

Move the extracted folder to the /opt/tomcat directory, assign ownership to the tomcat user, and set execution permissions for the binary files:

mv apache-tomcat-11.0.0/* /opt/tomcat
chown -R tomcat: /opt/tomcat
sh -c 'chmod +x /opt/tomcat/bin/*.sh'

Create a tomcat.service file in the /etc/systemd/system/ directory with the following content:

[Unit]
Description=Apache Tomcat
After=network.target

[Service]
Type=forking
User=tomcat
Group=tomcat
Environment=JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64
Environment=CATALINA_PID=/opt/tomcat/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
ExecReload=/bin/kill $MAINPID
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Reload the systemd daemon to apply the changes:

systemctl daemon-reload

Enable the Tomcat service to start automatically on reboot:

systemctl enable --now tomcat

Check the Tomcat server status:

systemctl status tomcat

---

Configuration

Once installation is complete, configure the Tomcat server.

To set an admin user password, modify the tomcat-users.xml file:

nvim /opt/tomcat/conf/tomcat-users.xml

If neovim is not installed, install it using:

sudo apt install neovim

Add the following lines before the closing </tomcat-users> tag:

xmlCopia codice<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="password" roles="admin-gui,manager-gui"/>

To enable remote access for the Tomcat Manager, edit the context.xml file in both the manager and host-manager directories:

nvim /opt/tomcat/webapps/manager/META-INF/context.xml
nvim /opt/tomcat/webapps/host-manager/META-INF/context.xml

Remove the following line from both files:

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

Restart the Tomcat service:

systemctl restart tomcat

Verify that the Tomcat server is running on port 8080.