From the Nmap scan and enumeration, we got to know that our target is running an Apache Tomcat web server. It is active on port 8180. We can hit the target IP on port 8180 through the browser and see the web server default page as shown in the following image:

Now we open up the Metasploit console and search for any exploits matching Tomcat server as shown in the following image:

We'll use the exploit tomcat_mgr_deploy as shown in the following image. We implicitly select the exploit payload as java/meterpreter/reverse_tcp  and then configure other options such as RHOST, LHOST, the default username/password, and the target port.

The exploit was successful and it gave us a Meterpreter session.