Exploiting common Tomcat vulnerabilities.
Backup Operator Privilege Escalation
Extracting domain controller credentials using the Backup Operators group.
Active Directory Explorer
Using Microsoft AD Explorer to collect Active Directory attack path information.