A Docker container to interact with open AJP ports
AJP is a binary protocol that is meant to optimize the HTTP protocol in situations where a webserver like Apache would need to talk to Tomcat, since Apache is much faster at serving static content than Tomcat is. However, should AJP's port be exposed, it is not hard to simply configure an Apache webserver with AJP modules to get access to the Tomcat manager.
All of the material that I've found related to this misconfiguration (e.g. HTB Academy, HackTricks) explains the exploitation by installing `apache` or `nginx` locally, which I don't particularly like. This repository "dockerizes" the whole process.
Prereqs: Docker 🐳
- Change the `$TARGET` in `conf/ajp-proxy.conf` to the remote host that has the exposed port
- Run `build-docker.sh` to automate the build process and run the container (you may need to change which port the container uses if 80/tcp is already in use)
- Visit `http[://]127.0.0.1` to see the Tomcat Manager
- Run `docker stop CONTAINER_ID` to stop the container safely
I don't plan on adding these because this was like a 10-15 min job, but feel free to fork or even make a pull request :)
- Automate the process of changing the `$TARGET`
- Make the container smaller, use Alpine?
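
The exposure this container relies on can be checked from the Tomcat side. As an added example (not part of this repository), the Python below audits a `server.xml` for AJP connectors bound to a non-loopback address without a `secret`; the sample XML is constructed, and a missing `address` is assumed to mean loopback, as in Tomcat 9.0.31 and later.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not taken from any real host).
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"
               secretRequired="false" />
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1" />
    <Connector port="8011" protocol="AJP/1.3" address="10.0.0.5"
               secret="constructed-example-secret" />
  </Service>
</Server>
"""

AJP_PROTOCOLS = ("AJP/1.3", "org.apache.coyote.ajp.")


def is_loopback(address):
    """True if the bind address is a loopback IP or 'localhost'."""
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # unresolved hostname: treat as reachable from outside


def audit_ajp_connectors(server_xml):
    """Return (port, address, problem) for each risky AJP connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not conn.get("protocol", "HTTP/1.1").startswith(AJP_PROTOCOLS):
            continue
        port = conn.get("port", "?")
        # Assumption: Tomcat 9.0.31+ default, where no address means loopback.
        address = conn.get("address", "127.0.0.1")
        has_secret = bool(conn.get("secret") or conn.get("requiredSecret"))
        if is_loopback(address) or has_secret:
            continue  # unreachable remotely, or a proxy must know the secret
        findings.append((port, address, "non-loopback AJP bind without a secret"))
    return findings


if __name__ == "__main__":
    for port, address, problem in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print(f"AJP connector {address}:{port}: {problem}")
```

On Tomcat releases older than 9.0.31 a connector with no `address` listens on all interfaces, so change the default in `audit_ajp_connectors` when auditing those.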