Hello, I hope that this new post finish resolving all the outstanding questions in

the old forum astalavista.
We are going to start using as an example a site recently exploited. Thks to Fausto.
We are trying to gain access to the following site resources

http://sre.edenor.com/mamager/html user:web_test pass:extranet
After this initial authentication we will be able to access the Tomcat Console

user:admin pass:omegs3
   
After downloading the .war files, uncompress the files into you desktop and using
a

simple notepad search for entries like user,pass, pw, ps.  Of course you can modify the application code. Then you can hide your own code into the application. 


You can upload your own .war files hardcoding ssh frontend, for gain internal

access, etc

http://img406.imageshack.us/img406/2662/dsc37857wa5.png

http://img444.imageshack.us/img444/3224/dsc76547yb8.png

Hi, I've fixed the links:

http://img406.imageshack.us/img406/2662/dsc37857wa5.png

http://img444.imageshack.us/img444/3224/dsc76547yb8.png

Thanx for the information.