Under Utilized Metasploit Modules #2

So I’m currently working on an internal penetration test against a financial institution. Surprisingly, I didn’t find any Apache Tomcat default installations (Tomcat Manager -> deploy Meterpreter as a WAR file).

I didn’t really find any of the usual low-hanging fruit.

I did, however, find an outdated IBM WebSphere instance that is vulnerable to Java deserialization remote code execution (RCE).

Guess what, it worked like a charm 😀

Link to more information about the module is HERE
